CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_CIPHER_LIST, char *list);
For OpenSSL and GnuTLS valid examples of cipher lists include 'RC4-SHA', 'SHA1+DES', 'TLSv1' and 'DEFAULT'. The default list is normally set when you compile OpenSSL.
You'll find more details about cipher lists on this URL:
https://www.openssl.org/docs/apps/ciphers.html
For NSS, valid examples of cipher lists include 'rsa_rc4_128_md5', 'rsa_aes_128_sha', etc. With NSS you don't add/remove ciphers. If one uses this option then all known ciphers are disabled and only those passed in are enabled.
You'll find more details about the NSS cipher lists on this URL:
http://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives
The application does not have to keep the string around after setting this option.
CURL *curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost"); curl_easy_setopt(curl, CURLOPT_PROXY_SSL_CIPHER_LIST, "TLSv1"); ret = curl_easy_perform(curl); curl_easy_cleanup(curl); }