NAME

       CURLOPT_PROXY_SSL_OPTIONS - set proxy SSL behavior options

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_OPTIONS, long bitmask);

DESCRIPTION

       Pass a long with a bitmask to tell libcurl about specific SSL behaviors.

       CURLSSLOPT_ALLOW_BEAST  tells libcurl to not attempt to use any workarounds for a security
       flaw in the SSL3 and TLS1.0 protocols.  If this option isn't used or this bit is set to 0,
       the  SSL  layer  libcurl  uses may use a work-around for this flaw although it might cause
       interoperability problems with some (older) SSL implementations.  WARNING:  avoiding  this
       work-around  lessens  the  security,  and  by setting this option to 1 you ask for exactly
       that.  This option is only supported for DarwinSSL, NSS and OpenSSL.

       CURLSSLOPT_NO_REVOKE tells libcurl to disable certificate revocation checks for those  SSL
       backends  where  such behavior is present. This option is only supported for Schannel (the
       native Windows SSL  library),  with  an  exception  in  the  case  of  Windows'  Untrusted
       Publishers blacklist which it seems can't be bypassed.

DEFAULT

       0

PROTOCOLS

       All

AVAILABLE

       Added in 7.52.0

EXAMPLE

       CURL *curl = curl_easy_init();
       if(curl) {
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy");
         /* weaken TLS only for use with silly proxies */
         curl_easy_setopt(curl, CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
                          CURLSSLOPT_NO_REVOKE);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

RETURN VALUE

       Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

       CURLOPT_PROXY_SSLVERSION(3),    CURLOPT_PROXY_SSL_CIPHER_LIST(3),   CURLOPT_SSLVERSION(3),
       CURLOPT_SSL_CIPHER_LIST(3),