Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_SSL_CIPHER_LIST(3) Library Functions Manual CURLOPT_SSL_CIPHER_LIST(3)

NAME
       CURLOPT_SSL_CIPHER_LIST - ciphers to use	for TLS

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	curl_easy_setopt(CURL *handle, CURLOPT_SSL_CIPHER_LIST,	char *list);

DESCRIPTION
       Pass  a	char pointer, pointing to a null-terminated string holding the
       list of cipher suites to	use for	the TLS	1.2 (1.1, 1.0) connection. The
       list must be syntactically correct, it consists of one or  more	cipher
       suite strings separated by colons.

       For setting TLS 1.3 ciphers see CURLOPT_TLS13_CIPHERS(3).

       A valid example of a cipher list	with OpenSSL is:
       "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
       "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"

       For  Schannel,  you  can	use this option	to set algorithms but not spe-
       cific cipher suites. Refer to the  ciphers  lists  document  for	 algo-
       rithms.

       GnuTLS  has  the	concept	of a [priority string](https://gnutls.org/man-
       ual/html_node/Priority-Strings.html) which has its own syntax and  key-
       words.  The  string  set	via CURLOPT_SSL_CIPHER_LIST(3) directly	influ-
       ences the priority setting.

       Find more details about cipher lists on this URL:

	https://curl.se/docs/ssl-ciphers.html

       The application does not	have to	keep the string	around	after  setting
       this option.

       Using this option multiple times	makes the last set string override the
       previous	ones. Set it to	NULL to	disable	its use	again.

DEFAULT
       NULL, use built-in list

PROTOCOLS
       This functionality affects all TLS based	protocols: HTTPS, FTPS,	IMAPS,
       POP3S, SMTPS etc.

       This  option  works  only  with	the  following	TLS backends: BearSSL,
       GnuTLS, OpenSSL,	Schannel, Secure Transport, mbedTLS, rustls and	 wolf-
       SSL

EXAMPLE
       int main(void)
       {
	 CURL *curl = curl_easy_init();
	 if(curl) {
	   CURLcode res;
	   curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
	   curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST,
			    "ECDHE-ECDSA-CHACHA20-POLY1305:"
			    "ECDHE-RSA-CHACHA20-POLY1305");
	   res = curl_easy_perform(curl);
	   curl_easy_cleanup(curl);
	 }
       }

HISTORY
       OpenSSL support added in	7.9.  wolfSSL support added in 7.53.0.	Schan-
       nel support added in 7.61.0.  Secure Transport support added in 7.77.0.
       BearSSL	support	 added	in  7.83.0.   mbedTLS  support added in	8.8.0.
       Rustls support added in 8.10.0.

       Since curl 8.10.0 returns CURLE_NOT_BUILT_IN when not supported.

AVAILABILITY
       Added in	curl 7.9

RETURN VALUE
       curl_easy_setopt(3) returns a CURLcode indicating success or error.

       CURLE_OK	(0) means everything was OK, non-zero means an error occurred,
       see libcurl-errors(3).

SEE ALSO
       CURLOPT_PROXY_SSL_CIPHER_LIST(3), CURLOPT_PROXY_TLS13_CIPHERS(3),  CUR-
       LOPT_SSLVERSION(3), CURLOPT_TLS13_CIPHERS(3), CURLOPT_USE_SSL(3)

libcurl				  2025-06-03	    CURLOPT_SSL_CIPHER_LIST(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=CURLOPT_SSL_CIPHER_LIST&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help