diff --git a/index.php b/index.php
index 73457cf..1a9779d 100644
--- a/index.php
+++ b/index.php
@@ -26,7 +26,12 @@ $cas_servers=array(
 		// If ssl_validation is enable you must define
 		'ssl_cacert_path' => '/etc/ssl/certs/ca-certificates.crt',
 		'ssl_cn_validation' => true
-	)
+		// Extra CURL options (for phpCAS client)
+		'extra_curl_options' => array(
+			// Uncomment it in case of 'dh key too small' error
+			// 'CURLOPT_SSL_CIPHER_LIST' => 'DEFAULT@SECLEVEL=1',
+		),
+	),
 );
 
 // FQDN of CAS server
@@ -252,6 +257,15 @@ if (is_writable($phpCAS_logfile) || (!is_file($phpCAS_logfile) && is_writable(di
 phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_servers[$cas_host]['port'], $cas_servers[$cas_host]['context']);
 phpCAS::setFixedServiceURL($service_url);
 
+// Set extra CURL options
+if (isset($cas_servers[$cas_host]['extra_curl_options']) && is_array($cas_servers[$cas_host]['extra_curl_options'])) {
+	foreach($cas_servers[$cas_host]['extra_curl_options'] as $opt => $value) {
+		if (is_string($opt) && substr($opt, 0, 7) == 'CURLOPT' && defined($opt))
+			$opt = constant($opt);
+		phpCAS::setExtraCurlOption($opt, $value);
+	}
+}
+
 if ($cas_servers[$cas_host]['insecure']) {
 	$phpCAS_config['Insecure'] = 'Yes';
 	$phpCAS_config['Base URL'] = 'http://'.$cas_host.($cas_servers[$cas_host]['port']?':'.$cas_servers[$cas_host]['port']:'').$cas_servers[$cas_host]['context'];