Provided by: libcurl4-doc_7.58.0-2ubuntu3.24_all bug

NAME

       CURLOPT_SSL_OPTIONS - set SSL behavior options

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask);

DESCRIPTION

       Pass a long with a bitmask to tell libcurl about specific SSL behaviors.

       CURLSSLOPT_ALLOW_BEAST  tells libcurl to not attempt to use any workarounds for a security
       flaw in the SSL3 and TLS1.0 protocols.  If this option isn't used or this bit is set to 0,
       the  SSL  layer  libcurl  uses may use a work-around for this flaw although it might cause
       interoperability problems with some (older) SSL implementations.  WARNING:  avoiding  this
       work-around  lessens  the  security,  and  by setting this option to 1 you ask for exactly
       that.  This option is only supported for DarwinSSL, NSS and OpenSSL.

       Added in 7.44.0:

       CURLSSLOPT_NO_REVOKE tells libcurl to disable certificate revocation checks for those  SSL
       backends  where  such  behavior  is  present.  Currently this option is only supported for
       WinSSL (the native Windows SSL library),  with  an  exception  in  the  case  of  Windows'
       Untrusted  Publishers  blacklist  which  it  seems can't be bypassed. This option may have
       broader   support    to    accommodate    other    SSL    backends    in    the    future.
       https://curl.haxx.se/docs/ssl-compared.html

DEFAULT

       0

PROTOCOLS

       All TLS-based protocols

EXAMPLE

       CURL *curl = curl_easy_init();
       if(curl) {
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         /* weaken TLS only for use with silly servers */
         curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
                          CURLSSLOPT_NO_REVOKE);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY

       Added in 7.25.0

RETURN VALUE

       Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

       CURLOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3),