1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_PROXY_TLS13_CIPHERS
5Section: 3
6Source: libcurl
7See-also:
8  - CURLOPT_PROXY_SSLVERSION (3)
9  - CURLOPT_PROXY_SSL_CIPHER_LIST (3)
10  - CURLOPT_SSLVERSION (3)
11  - CURLOPT_SSL_CIPHER_LIST (3)
12  - CURLOPT_TLS13_CIPHERS (3)
13Protocol:
14  - TLS
15TLS-backend:
16  - OpenSSL
17  - wolfSSL
18  - mbedTLS
19  - rustls
20Added-in: 7.61.0
21---
22
23# NAME
24
25CURLOPT_PROXY_TLS13_CIPHERS - ciphers suites for proxy TLS 1.3
26
27# SYNOPSIS
28
29~~~c
30#include <curl/curl.h>
31
32CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLS13_CIPHERS,
33                          char *list);
34~~~
35
36# DESCRIPTION
37
38Pass a char pointer, pointing to a null-terminated string holding the list of
39cipher suites to use for the TLS 1.3 connection to a proxy. The list must be
40syntactically correct, it consists of one or more cipher suite strings
41separated by colons.
42
43For setting TLS 1.2 (1.1, 1.0) ciphers see CURLOPT_PROXY_SSL_CIPHER_LIST(3).
44
45A valid example of a cipher list is:
46~~~
47"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256"
48~~~
49
50Find more details about cipher lists on this URL:
51
52 https://curl.se/docs/ssl-ciphers.html
53
54The application does not have to keep the string around after setting this
55option.
56
57Using this option multiple times makes the last set string override the
58previous ones. Set it to NULL to disable its use again.
59
60# DEFAULT
61
62NULL, use internal built-in list
63
64# %PROTOCOLS%
65
66# EXAMPLE
67
68~~~c
69int main(void)
70{
71  CURL *curl = curl_easy_init();
72  if(curl) {
73    CURLcode res;
74    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
75    curl_easy_setopt(curl, CURLOPT_PROXY_TLS13_CIPHERS,
76                     "TLS_CHACHA20_POLY1305_SHA256");
77    res = curl_easy_perform(curl);
78    curl_easy_cleanup(curl);
79  }
80}
81~~~
82
83# HISTORY
84
85OpenSSL support added in 7.61.0, available when built with OpenSSL \>= 1.1.1.
86LibreSSL support added in 8.3.0, available when built with LibreSSL \>= 3.4.1.
87wolfSSL support added in 8.10.0.
88mbedTLS support added in 8.10.0, available when built with mbedTLS \>= 3.6.0.
89Rustls support added in 8.10.0.
90
91Before curl 8.10.0 with mbedTLS or wolfSSL, TLS 1.3 cipher suites were set
92by using the CURLOPT_PROXY_SSL_CIPHER_LIST(3) option.
93
94# %AVAILABILITY%
95
96# RETURN VALUE
97
98Returns CURLE_OK if supported, CURLE_NOT_BUILT_IN otherwise.
99