quickjs-tart

quickjs-based runtime for wallet-core logic
Log | Files | Refs | README | LICENSE

CURLOPT_SSL_CIPHER_LIST.md (2683B)

      1 ---
      2 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
      3 SPDX-License-Identifier: curl
      4 Title: CURLOPT_SSL_CIPHER_LIST
      5 Section: 3
      6 Source: libcurl
      7 See-also:
      8   - CURLOPT_PROXY_SSL_CIPHER_LIST (3)
      9   - CURLOPT_PROXY_TLS13_CIPHERS (3)
     10   - CURLOPT_SSLVERSION (3)
     11   - CURLOPT_TLS13_CIPHERS (3)
     12   - CURLOPT_USE_SSL (3)
     13 Protocol:
     14   - TLS
     15 TLS-backend:
     16   - OpenSSL
     17   - Schannel
     18   - wolfSSL
     19   - mbedTLS
     20   - rustls
     21   - GnuTLS
     22 Added-in: 7.9
     23 ---
     24 
     25 # NAME
     26 
     27 CURLOPT_SSL_CIPHER_LIST - ciphers to use for TLS
     28 
     29 # SYNOPSIS
     30 
     31 ~~~c
     32 #include <curl/curl.h>
     33 
     34 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CIPHER_LIST, char *list);
     35 ~~~
     36 
     37 # DESCRIPTION
     38 
     39 Pass a char pointer, pointing to a null-terminated string holding the list of
     40 cipher suites to use for the TLS 1.2 (1.1, 1.0) connection. The list must
     41 be syntactically correct, it consists of one or more cipher suite strings
     42 separated by colons.
     43 
     44 For setting TLS 1.3 ciphers see CURLOPT_TLS13_CIPHERS(3).
     45 
     46 A valid example of a cipher list with OpenSSL is:
     47 ~~~
     48 "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
     49 "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
     50 ~~~
     51 
     52 For Schannel, you can use this option to set algorithms but not specific
     53 cipher suites. Refer to the ciphers lists document for algorithms.
     54 
     55 GnuTLS has the concept of a
     56 [priority string](https://gnutls.org/manual/html_node/Priority-Strings.html)
     57 which has its own syntax and keywords. The string set via
     58 CURLOPT_SSL_CIPHER_LIST(3) directly influences the priority setting.
     59 
     60 Find more details about cipher lists on this URL:
     61 
     62  https://curl.se/docs/ssl-ciphers.html
     63 
     64 The application does not have to keep the string around after setting this
     65 option.
     66 
     67 Using this option multiple times makes the last set string override the
     68 previous ones. Set it to NULL to disable its use again.
     69 
     70 # DEFAULT
     71 
     72 NULL, use built-in list
     73 
     74 # %PROTOCOLS%
     75 
     76 # EXAMPLE
     77 
     78 ~~~c
     79 int main(void)
     80 {
     81   CURL *curl = curl_easy_init();
     82   if(curl) {
     83     CURLcode res;
     84     curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
     85     curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST,
     86                      "ECDHE-ECDSA-CHACHA20-POLY1305:"
     87                      "ECDHE-RSA-CHACHA20-POLY1305");
     88     res = curl_easy_perform(curl);
     89     curl_easy_cleanup(curl);
     90   }
     91 }
     92 ~~~
     93 
     94 # HISTORY
     95 
     96 OpenSSL support added in 7.9.
     97 wolfSSL support added in 7.53.0.
     98 Schannel support added in 7.61.0.
     99 mbedTLS support added in 8.8.0.
    100 Rustls support added in 8.10.0.
    101 
    102 Since curl 8.10.0 returns CURLE_NOT_BUILT_IN when not supported.
    103 
    104 # %AVAILABILITY%
    105 
    106 # RETURN VALUE
    107 
    108 curl_easy_setopt(3) returns a CURLcode indicating success or error.
    109 
    110 CURLE_OK (0) means everything was OK, non-zero means an error occurred, see
    111 libcurl-errors(3).