问题
I am having trouble curling an HTTPS url that uses TLS1.2, in my curl operation I post my login data into the website and save it in cookiefile. The error message I am getting is this
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
I have tried setting VERIFYPEER and VERIFYHOST to 0 but that does not seem to work, any suggestions?
Here are the versions I am using:
- OpenSSL version is 0.9.8b
- CURL version is 7.24.0
- PHP is 5.3
Here is the code:
$setuplogin = curl_init();
curl_setopt ($setuploginurl, CURLOPT_URL, $url);
curl_setopt ($setuploginurl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt ($setuploginurl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt ($setuploginurl, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, \'CURL_SSLVERSION_TLSv1_2\');
curl_setopt ($setuploginurl, CURLOPT_POSTFIELDS, \'username=uname&password=pword&act=login&submit=Login\');
curl_setopt ($setuploginurl, CURLOPT_USERAGENT, \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36\");
curl_setopt (setuploginurl, CURLOPT_TIMEOUT, 60);
curl_setopt ($setuploginurl, CURLOPT_COOKIESESSION, TRUE);
curl_setopt ($setuploginurl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($setuploginurl, CURLOPT_HEADER, 1);
curl_setopt ($setuploginurl,CURLOPT_ENCODING,\"gzip\");
curl_setopt ($setuploginurl, CURLOPT_POST, true);
curl_setopt ($setuploginurl, CURLOPT_COOKIEJAR, \'cookies.txt\');
curl_setopt ($setuploginurl, CURLOPT_FRESH_CONNECT , 1);
$loginp= curl_exec($setuploginurl);
if ($loginp === FALSE) {
die(curl_error($setuploginurl));
}
curl_close ($setuploginurl);
var_dump ($loginp);
回答1:
You must use an integer value for the CURLOPT_SSLVERSION value, not a string as listed above
Try this:
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 6); //Integer NOT string TLS v1.2
http://php.net/manual/en/function.curl-setopt.php
value should be an integer for the following values of the option parameter:
CURLOPT_SSLVERSION
One of
CURL_SSLVERSION_DEFAULT (0)
CURL_SSLVERSION_TLSv1 (1)
CURL_SSLVERSION_SSLv2 (2)
CURL_SSLVERSION_SSLv3 (3)
CURL_SSLVERSION_TLSv1_0 (4)
CURL_SSLVERSION_TLSv1_1 (5)
CURL_SSLVERSION_TLSv1_2 (6).
回答2:
TLS 1.1 and TLS 1.2 are supported since OpenSSL 1.0.1
Forcing TLS 1.1 and 1.2 are only supported since curl 7.34.0
You should consider an upgrade.
回答3:
I has similar problem in context of Stripe:
Error: Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.
Forcing TLS 1.2 using CURL parameter is temporary solution or even it can't be applied because of lack of room to place an update. By default TLS test function https://gist.github.com/olivierbellone/9f93efe9bd68de33e9b3a3afbd3835cf showed following configuration:
SSL version: NSS/3.21 Basic ECC
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.0
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2
I updated libraries using following command:
yum update nss curl openssl
and then saw this:
SSL version: NSS/3.21 Basic ECC
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.2
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2
Please notice that default TLS version changed to 1.2! That globally solved problem. This will help PayPal users too: https://www.paypal.com/au/webapps/mpp/tls-http-upgrade (update before end of June 2017)
回答4:
Replace following
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2');
With
curl_setopt ($ch, CURLOPT_SSLVERSION, 6);
Should work flawlessly.
回答5:
TLS 1.2 is only supported since OpenSSL 1.0.1 (see the Major version releases section), you have to update your OpenSSL.
It is not necessary to set the CURLOPT_SSLVERSION option. The request involves a handshake which will apply the newest TLS version both server and client support. The server you request is using TLS 1.2, so your php_curl will use TLS 1.2 (by default) as well if your OpenSSL version is (or newer than) 1.0.1.
来源:https://stackoverflow.com/questions/30145089/tls-1-2-not-working-in-curl