while making https requests using php-curl in ubuntu server, I have found that it adds an additional Cipher Suite which is identified as "EMPTY-RENEGOTIATION-INFO-SCSV".
I know this is a fake Cipher Suite, nevertheless, I want to remove this Cipher Suite from https requests.
Is there any curlopt parameter or openssl extension or apache configuration file that I can use to stop this default behavior.
This "cipher" is documented in RFC 5746 section 3.3. This is a method that counters the prefix attack described in CVE-2009-3555 and elsewhere.
This SCSV is not a true cipher suite (it does not correspond to any valid set of algorithms) and cannot be negotiated. Instead, it has the same semantics as an empty "renegotiation_info" extension, as described in the following sections. Because SSLv3 and TLS implementations reliably ignore unknown cipher suites, the SCSV may be safely sent to any server.
So you don't disable/enable this using the regular cipher suite option curl provides (CURLOPT_SSL_CIPHER_LIST) but instead you need to ask the TLS library to allow unsafe renegotiations.
I don't think PHP allows you to do that and libcurl has no provided option for it, so I believe you have to patch C source code to make it happen.
This is also further described in OpenSSL's documentation for