1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_PROXY_SSL_CIPHER_LIST
5Section: 3
6Source: libcurl
7See-also:
8  - CURLOPT_PROXY_SSLVERSION (3)
9  - CURLOPT_PROXY_TLS13_CIPHERS (3)
10  - CURLOPT_SSLVERSION (3)
11  - CURLOPT_SSL_CIPHER_LIST (3)
12  - CURLOPT_TLS13_CIPHERS (3)
13Protocol:
14  - TLS
15TLS-backend:
16  - OpenSSL
17  - BearSSL
18  - Schannel
19  - Secure Transport
20  - wolfSSL
21  - GnuTLS
22  - mbedTLS
23---
24
25# NAME
26
27CURLOPT_PROXY_SSL_CIPHER_LIST - ciphers to use for HTTPS proxy
28
29# SYNOPSIS
30
31~~~c
32#include <curl/curl.h>
33
34CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_CIPHER_LIST,
35                          char *list);
36~~~
37
38# DESCRIPTION
39
40Pass a char pointer, pointing to a null-terminated string holding the list of
41ciphers to use for the connection to the HTTPS proxy. The list must be
42syntactically correct, it consists of one or more cipher strings separated by
43colons. Commas or spaces are also acceptable separators but colons are
44normally used, &!, &- and &+ can be used as operators.
45
46For OpenSSL and GnuTLS valid examples of cipher lists include **RC4-SHA**,
47**SHA1+DES**, **TLSv1** and **DEFAULT**. The default list is normally
48set when you compile OpenSSL.
49
50For WolfSSL, valid examples of cipher lists include **ECDHE-RSA-RC4-SHA**,
51**AES256-SHA:AES256-SHA256**, etc.
52
53For mbedTLS and BearSSL, valid examples of cipher lists include
54**ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256**, or when using
55IANA names
56**TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256**,
57etc. With mbedTLS and BearSSL you do not add/remove ciphers. If one uses this
58option then all known ciphers are disabled and only those passed in are
59enabled.
60
61Find more details about cipher lists on this URL:
62
63 https://curl.se/docs/ssl-ciphers.html
64
65The application does not have to keep the string around after setting this
66option.
67
68# DEFAULT
69
70NULL, use internal default
71
72# EXAMPLE
73
74~~~c
75int main(void)
76{
77  CURL *curl = curl_easy_init();
78  if(curl) {
79    CURLcode res;
80    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
81    curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost");
82    curl_easy_setopt(curl, CURLOPT_PROXY_SSL_CIPHER_LIST, "TLSv1");
83    res = curl_easy_perform(curl);
84    curl_easy_cleanup(curl);
85  }
86}
87~~~
88
89# AVAILABILITY
90
91Added in 7.52.0, in 7.83.0 for BearSSL, in 8.8.0 for mbedTLS
92
93If built TLS enabled.
94
95# RETURN VALUE
96
97Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or
98CURLE_OUT_OF_MEMORY if there was insufficient heap space.
99