.\" generated by cd2nroff 0.1 from CURLOPT_SSL_CIPHER_LIST.md
.TH CURLOPT_SSL_CIPHER_LIST 3 "2024-06-01" libcurl
.SH NAME
CURLOPT_SSL_CIPHER_LIST \- ciphers to use for TLS
.SH SYNOPSIS
.nf
#include <curl/curl.h>
|
|
|
|
|
|
|
|
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CIPHER_LIST, char *list);
.fi
.SH DESCRIPTION
Pass a char pointer, pointing to a null\-terminated string holding the list of
ciphers to use for the SSL connection. The list must be syntactically correct;
it consists of one or more cipher strings separated by colons. Commas or
spaces are also acceptable separators, but colons are normally used. The
characters !, \- and + can be used as operators.
|
|
|
|
|
|
|
|
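For OpenSSL and GnuTLS valid examples of cipher lists include \fBRC4\-SHA\fP,
\fBSHA1+DES\fP, \fBTLSv1\fP and \fBDEFAULT\fP. These strings illustrate the
syntax only: RC4 and DES are weak ciphers and should not be enabled for real
connections. The default list is normally set when you compile OpenSSL.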
|
|
|
|
|
|
|
|
For wolfSSL, valid examples of cipher lists include \fBECDHE\-RSA\-RC4\-SHA\fP,
\fBAES256\-SHA:AES256\-SHA256\fP, etc.
|
|
|
|
|
For mbedTLS and BearSSL, valid examples of cipher lists include
\fBECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-AES128\-GCM\-SHA256\fP, or when using
IANA names
\fBTLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\fP,
etc. With mbedTLS and BearSSL the list does not add ciphers to or remove
ciphers from a default set: when this option is used, all known ciphers are
disabled and only those passed in are enabled.
|
|
|
|
For Schannel, you can use this option to set algorithms but not specific
cipher suites. Refer to the cipher lists document for the algorithms.
|
|
|
|
|
|
|
|
Find more details about cipher lists on this URL:
|
|
|
|
|
|
|
|
https://curl.se/docs/ssl\-ciphers.html
|
|
|
|
|
|
|
|
The application does not have to keep the string around after setting this
option.
.SH DEFAULT
NULL, use internal default
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
|
|
|
|
This option works only with the following TLS backends:
BearSSL, GnuTLS, OpenSSL, Schannel, Secure Transport, mbedTLS and wolfSSL
.SH EXAMPLE
.nf
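int main(void)
{
  int rc = 1; /* exit status stays nonzero unless the transfer succeeds */
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode res;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");

    /* "TLSv1" only illustrates the syntax of a cipher string. With OpenSSL
       this option does not select TLS 1.3 cipher suites; those are set with
       CURLOPT_TLS13_CIPHERS. */
    res = curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "TLSv1");

    /* CURLE_OK from curl_easy_setopt() only says the option was accepted.
       A list the TLS backend cannot use typically surfaces as an error
       from curl_easy_perform(), so both results are checked. */
    if(res == CURLE_OK)
      res = curl_easy_perform(curl);
    if(res == CURLE_OK)
      rc = 0;

    curl_easy_cleanup(curl);
  }
  return rc;
}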
.fi
.SH AVAILABILITY
Added in 7.9, in 7.83.0 for BearSSL, in 8.8.0 for mbedTLS.

Only available if libcurl was built with TLS enabled.
.SH RETURN VALUE
Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or
CURLE_OUT_OF_MEMORY if there was insufficient heap space.
.SH SEE ALSO
.BR CURLOPT_PROXY_SSL_CIPHER_LIST (3),
.BR CURLOPT_PROXY_TLS13_CIPHERS (3),
.BR CURLOPT_SSLVERSION (3),
.BR CURLOPT_TLS13_CIPHERS (3),
.BR CURLOPT_USE_SSL (3)