LinuxSecurity.com: A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This allows an attacker to cause an appliation crash or potentially to execute arbitrary code. [More...]
CURLOPT_SSL_OPTIONS(3) curl_easy_setopt options CURLOPT_SSL_OPTIONS(3)NAME
CURLOPT_SSL_OPTIONS - set SSL behavior options
SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask);
DESCRIPTION
Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
CURLSSLOPT_ALLOW_BEAST tells libcurl to not attempt to use any workarounds for a security flaw in the SSL3 and TLS1.0 protocols. If this
option isn't used or this bit is set to 0, the SSL layer libcurl uses may use a work-around for this flaw although it might cause interop-
erability problems with some (older) SSL implementations. WARNING: avoiding this work-around lessens the security, and by setting this
option to 1 you ask for exactly that. This option is only supported for DarwinSSL, NSS and OpenSSL.
Added in 7.44.0:
CURLSSLOPT_NO_REVOKE tells libcurl to disable certificate revocation checks for those SSL backends where such behavior is present. Cur-
rently this option is only supported for WinSSL (the native Windows SSL library), with an exception in the case of Windows' Untrusted Pub-
lishers blacklist which it seems can't be bypassed. This option may have broader support to accommodate other SSL backends in the future.
https://curl.haxx.se/docs/ssl-compared.html
DEFAULT
0
PROTOCOLS
All TLS-based protocols
EXAMPLE
TODO
AVAILABILITY
Added in 7.25.0
RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
SEE ALSO CURLOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3),
libcurl 7.54.0 February 03, 2016 CURLOPT_SSL_OPTIONS(3)