1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_PROXY_SSL_CIPHER_LIST 5Section: 3 6Source: libcurl 7See-also: 8 - CURLOPT_PROXY_SSLVERSION (3) 9 - CURLOPT_PROXY_TLS13_CIPHERS (3) 10 - CURLOPT_SSLVERSION (3) 11 - CURLOPT_SSL_CIPHER_LIST (3) 12 - CURLOPT_TLS13_CIPHERS (3) 13Protocol: 14 - TLS 15TLS-backend: 16 - OpenSSL 17 - BearSSL 18 - Schannel 19 - Secure Transport 20 - wolfSSL 21 - GnuTLS 22 - mbedTLS 23--- 24 25# NAME 26 27CURLOPT_PROXY_SSL_CIPHER_LIST - ciphers to use for HTTPS proxy 28 29# SYNOPSIS 30 31~~~c 32#include <curl/curl.h> 33 34CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_CIPHER_LIST, 35 char *list); 36~~~ 37 38# DESCRIPTION 39 40Pass a char pointer, pointing to a null-terminated string holding the list of 41ciphers to use for the connection to the HTTPS proxy. The list must be 42syntactically correct, it consists of one or more cipher strings separated by 43colons. Commas or spaces are also acceptable separators but colons are 44normally used, &!, &- and &+ can be used as operators. 45 46For OpenSSL and GnuTLS valid examples of cipher lists include **RC4-SHA**, 47**SHA1+DES**, **TLSv1** and **DEFAULT**. The default list is normally 48set when you compile OpenSSL. 49 50For WolfSSL, valid examples of cipher lists include **ECDHE-RSA-RC4-SHA**, 51**AES256-SHA:AES256-SHA256**, etc. 52 53For mbedTLS and BearSSL, valid examples of cipher lists include 54**ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256**, or when using 55IANA names 56**TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256**, 57etc. With mbedTLS and BearSSL you do not add/remove ciphers. If one uses this 58option then all known ciphers are disabled and only those passed in are 59enabled. 60 61Find more details about cipher lists on this URL: 62 63 https://curl.se/docs/ssl-ciphers.html 64 65The application does not have to keep the string around after setting this 66option. 67 68# DEFAULT 69 70NULL, use internal default 71 72# EXAMPLE 73 74~~~c 75int main(void) 76{ 77 CURL *curl = curl_easy_init(); 78 if(curl) { 79 CURLcode res; 80 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 81 curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost"); 82 curl_easy_setopt(curl, CURLOPT_PROXY_SSL_CIPHER_LIST, "TLSv1"); 83 res = curl_easy_perform(curl); 84 curl_easy_cleanup(curl); 85 } 86} 87~~~ 88 89# AVAILABILITY 90 91Added in 7.52.0, in 7.83.0 for BearSSL, in 8.8.0 for mbedTLS 92 93If built TLS enabled. 94 95# RETURN VALUE 96 97Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or 98CURLE_OUT_OF_MEMORY if there was insufficient heap space. 99