Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_SSL_OPTIONS(3)	   curl_easy_setopt options	CURLOPT_SSL_OPTIONS(3)

NAME
       CURLOPT_SSL_OPTIONS - set SSL behavior options

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	 curl_easy_setopt(CURL *handle,	CURLOPT_SSL_OPTIONS, long bit-
       mask);

DESCRIPTION
       Pass a long with	a bitmask to tell libcurl about	 specific  SSL	behav-
       iors.

       CURLSSLOPT_ALLOW_BEAST  tells  libcurl  to not attempt to use any work-
       arounds for a security flaw in the SSL3 and TLS1.0 protocols.  If  this
       option  isn't  used or this bit is set to 0, the	SSL layer libcurl uses
       may use a work-around for this flaw although it might cause  interoper-
       ability problems	with some (older) SSL implementations. WARNING:	avoid-
       ing this	work-around lessens the	security, and by setting  this	option
       to  1 you ask for exactly that.	This option is only supported for Dar-
       winSSL, NSS and OpenSSL.

       Added in	7.44.0:

       CURLSSLOPT_NO_REVOKE tells libcurl to  disable  certificate  revocation
       checks for those	SSL backends where such	behavior is present. Currently
       this option is only supported for WinSSL	(the native  Windows  SSL  li-
       brary),	with an	exception in the case of Windows' Untrusted Publishers
       blacklist which it seems	 can't	be  bypassed.  This  option  may  have
       broader	support	 to  accommodate  other	 SSL  backends	in the future.
       https://curl.haxx.se/docs/ssl-compared.html

DEFAULT
       0

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl)	{
	 curl_easy_setopt(curl,	CURLOPT_URL, "https://example.com/");
	 /* weaken TLS only for	use with silly servers */
	 curl_easy_setopt(curl,	CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
			  CURLSSLOPT_NO_REVOKE);
	 ret = curl_easy_perform(curl);
	 curl_easy_cleanup(curl);
       }

AVAILABILITY
       Added in	7.25.0

RETURN VALUE
       Returns CURLE_OK	if the option is supported,  and  CURLE_UNKNOWN_OPTION
       if not.

SEE ALSO
       CURLOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3),

libcurl	7.54.1			 May 31, 2017		CURLOPT_SSL_OPTIONS(3)

NAME | SYNOPSIS | DESCRIPTION | DEFAULT | PROTOCOLS | EXAMPLE | AVAILABILITY | RETURN VALUE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=CURLOPT_SSL_OPTIONS&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help