1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_TLS13_CIPHERS
5Section: 3
6Source: libcurl
7See-also:
8  - CURLOPT_PROXY_SSLVERSION (3)
9  - CURLOPT_PROXY_SSL_CIPHER_LIST (3)
10  - CURLOPT_PROXY_TLS13_CIPHERS (3)
11  - CURLOPT_SSLVERSION (3)
12  - CURLOPT_SSL_CIPHER_LIST (3)
13  - CURLOPT_USE_SSL (3)
14Protocol:
15  - TLS
16TLS-backend:
17  - OpenSSL
18  - wolfSSL
19  - mbedTLS
20  - rustls
21Added-in: 7.61.0
22---
23
24# NAME
25
CURLOPT_TLS13_CIPHERS - cipher suites to use for TLS 1.3
27
28# SYNOPSIS
29
30~~~c
31#include <curl/curl.h>
32
33CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TLS13_CIPHERS, char *list);
34~~~
35
36# DESCRIPTION
37
Pass a char pointer, pointing to a null-terminated string holding the list of
cipher suites to use for the TLS 1.3 connection. The list must be
syntactically correct: it consists of one or more cipher suite strings
separated by colons.
42
43For setting TLS 1.2 (1.1, 1.0) ciphers see CURLOPT_SSL_CIPHER_LIST(3).
44
45A valid example of a cipher list is:
46~~~c
47"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256"
48~~~
49
50Find more details about cipher lists on this URL:
51
52 https://curl.se/docs/ssl-ciphers.html
53
54The application does not have to keep the string around after setting this
55option.
56
Using this option multiple times makes the last set string override the
previous ones. Set it to NULL to restore the internal default.
59
60# DEFAULT
61
NULL, use the internal built-in default
63
64# %PROTOCOLS%
65
66# EXAMPLE
67
68~~~c
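/* Restrict TLS 1.3 to a single cipher suite for one transfer, and refuse to
   transfer at all if that restriction cannot be set. Returns 0 on success
   and 1 on any failure. */
int main(void)
{
  /* stays a failure code if no easy handle could be created */
  CURLcode res = CURLE_FAILED_INIT;
  CURL *curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
    /* This call returns CURLE_NOT_BUILT_IN when the option is not supported.
       Ignoring that and performing the transfer anyway would run it without
       the requested cipher suite restriction, so check the result and fail
       closed. */
    res = curl_easy_setopt(curl, CURLOPT_TLS13_CIPHERS,
                           "TLS_CHACHA20_POLY1305_SHA256");
    if(res == CURLE_OK)
      res = curl_easy_perform(curl);
    curl_easy_cleanup(curl);
  }
  /* report failure to the caller instead of discarding the result */
  return (res == CURLE_OK) ? 0 : 1;
}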
81~~~
82
83# HISTORY
84
85OpenSSL support added in 7.61.0, available when built with OpenSSL \>= 1.1.1.
86LibreSSL support added in 8.3.0, available when built with LibreSSL \>= 3.4.1.
87wolfSSL support added in 8.10.0.
88mbedTLS support added in 8.10.0, available when built with mbedTLS \>= 3.6.0.
89Rustls support added in 8.10.0.
90
91Before curl 8.10.0 with mbedTLS or wolfSSL, TLS 1.3 cipher suites were set
92by using the CURLOPT_SSL_CIPHER_LIST(3) option.
93
94# %AVAILABILITY%
95
96# RETURN VALUE
97
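Returns CURLE_OK if the option is supported, and CURLE_NOT_BUILT_IN if it is
not. If CURLE_NOT_BUILT_IN is returned, the requested cipher suite list is not
in effect for transfers on this handle.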
99