<title>CURLOPT_SSL_OPTIONS man page</title>
<meta name="generator" content="roffit">
<STYLE type="text/css">
-P.level0 {
+pre {
+ overflow: auto;
+ margin: 0;
+}
+
+P.level0, pre.level0 {
padding-left: 2em;
}
-P.level1 {
+P.level1, pre.level1 {
padding-left: 4em;
}
-P.level2 {
+P.level2, pre.level2 {
padding-left: 6em;
}
<p class="level0"><a name="NAME"></a><h2 class="nroffsh">NAME</h2>
<p class="level0">CURLOPT_SSL_OPTIONS - set SSL behavior options <a name="SYNOPSIS"></a><h2 class="nroffsh">SYNOPSIS</h2>
-<p class="level0">#include <curl/curl.h>
+<p class="level0">#include <curl/curl.h>
<p class="level0">CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask); <a name="DESCRIPTION"></a><h2 class="nroffsh">DESCRIPTION</h2>
<p class="level0">Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
-<p class="level0"><span Class="emphasis">CURLSSLOPT_ALLOW_BEAST</span> is the only supported bit and by setting this the user will tell libcurl to not attempt to use any workarounds for a security flaw in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit is set to 0, the SSL layer libcurl uses may use a work-around for this flaw although it might cause interoperability problems with some (older) SSL implementations. WARNING: avoiding this work-around lessens the security, and by setting this option to 1 you ask for exactly that. <a name="DEFAULT"></a><h2 class="nroffsh">DEFAULT</h2>
+<p class="level0"><span Class="emphasis">CURLSSLOPT_ALLOW_BEAST</span> tells libcurl to not attempt to use any workarounds for a security flaw in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit is set to 0, the SSL layer libcurl uses may use a work-around for this flaw although it might cause interoperability problems with some (older) SSL implementations. WARNING: avoiding this work-around lessens the security, and by setting this option to 1 you ask for exactly that. This option is only supported for DarwinSSL, NSS and OpenSSL.
+<p class="level0">Added in 7.44.0:
+<p class="level0"><span Class="emphasis">CURLSSLOPT_NO_REVOKE</span> tells libcurl to disable certificate revocation checks for those SSL backends where such behavior is present. <span class="bold">Currently this option is only supported for WinSSL (the native Windows SSL library), with an exception in the case of Windows' Untrusted Publishers blacklist which it seems can't be bypassed.</span> This option may have broader support to accommodate other SSL backends in the future. <a href="http://curl.haxx.se/docs/ssl-compared.html">http://curl.haxx.se/docs/ssl-compared.html</a>
+<p class="level0">
+<p class="level0"><a name="DEFAULT"></a><h2 class="nroffsh">DEFAULT</h2>
<p class="level0">0 <a name="PROTOCOLS"></a><h2 class="nroffsh">PROTOCOLS</h2>
<p class="level0">All TLS-based protocols <a name="EXAMPLE"></a><h2 class="nroffsh">EXAMPLE</h2>
<p class="level0">TODO <a name="AVAILABILITY"></a><h2 class="nroffsh">AVAILABILITY</h2>