CURLOPT_SSL_OPTIONS - set SSL behavior options
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask);
Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
tells libcurl to not attempt to use any
workarounds for a security flaw in the SSL3 and TLS1.0 protocols. If this
option isn't used or this bit is set to 0, the SSL layer libcurl uses may use
a work-around for this flaw although it might cause interoperability problems
with some (older) SSL implementations. WARNING: avoiding this work-around
lessens the security, and by setting this option to 1 you ask for exactly
that. This option is only supported for DarwinSSL, NSS and OpenSSL.
Added in 7.44.0:
tells libcurl to disable certificate revocation
checks for those SSL backends where such behavior is present. Currently
this option is only supported for WinSSL (the native Windows SSL
library), with an exception in the case of Windows' Untrusted
Publishers blacklist which it seems can't be bypassed.
may have broader support to accommodate other SSL backends in the future.
All TLS-based protocols
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
/* weaken TLS only for use with silly servers */
curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
ret = curl_easy_perform(curl);
Added in 7.25.0
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.