clarkk

Reputation: 1

OpenSSL error - handshake failure

On about every second request I make to an API I get this error!?

The backend of the API is one of my own servers, which I have set up myself with self-signed SSL certs.

What is happening here!? It can't be the SSL certs because it works in some cases

Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in

API request code

$Request = new Request();
$Request->host = $host;
$Request->api_secret = 'asdf39Sf3D';
$Request->send($url, $params);
echo $Request->get_result();

class Request {
    public $host;
    public $api_secret;

    public $boundary;
    public $body;

    private $response;
    private $url;

    const SSL = true;

    public function send($url, $post_vars=array()){
        $this->url = $url;

        $crlf = "\r\n";

        $host = $this->host;
        $port = 80;

        if(self::SSL){
            $host = 'ssl://'.$this->host;
            $port = 443;
        }

        if($this->body){
            $body = $this->body;
        }
        else{
            $post_vars['__api_hash'] = $this->generate_hash($this->url);
            $body = http_build_query($post_vars);
        }

        $content_length = strlen($body);

        $max_post = 1024 * 1024 * 20;
        if($content_length > $max_post){
            throw new Exception("Max post size exceeded");
        }

        if($fp = fsockopen($host, $port, $errno, $errstr, 20)){
            fwrite($fp, 'POST '.substr($this->url, strlen($this->host)).' HTTP/1.1'.$crlf
                .'Host: '.$this->host.$crlf
                .($this->body ? 'Content-type: multipart/form-data; boundary='.$this->boundary : 'Content-Type: application/x-www-form-urlencoded').$crlf
                .'Content-Length: '.$content_length.$crlf
                .'Connection: Close'.$crlf.$crlf
                .$body);

            // Read until EOF; test against false so a final line of "0" is not mistaken for end of stream
            while(($line = fgets($fp)) !== false){
                $this->response .= $line;
            }

            fclose($fp);
        }
        else{
            throw new Exception("$errstr ($errno)");
        }
    }

    public function get_response(){
        return $this->response;
    }

    public function get_result(){
        // Split at the first blank line only, so a body that contains blank lines is kept whole
        list($header, $content) = explode("\n\n", str_replace("\r\n", "\n", $this->response), 2);

        preg_match('/^HTTP\/[\d\.]+ (\d+)/', $header, $matches);
        switch($matches[1]){
            case 404:
                throw new Exception('HTTP 404 '.$this->url);
        }

        return json_decode($content, true);
    }

    public function generate_hash(){
        return sha1($this->url.$this->api_secret);
    }
}

Upvotes: 3

Views: 6880

Answers (1)

andyb

Reputation: 43823

There was a well-publicized SSL/TLS renegotiation issue in 2009. You are probably seeing the result of code added to protect against unsafe renegotiation. If one side of the communication is patched to fix the unsafe renegotiation issue then this might also cause the error you are seeing. Both sides need to have the patched version of SSL or both unpatched. From the OpenSSL changelog, it looks like you need at least v0.9.8m.

Looking at Wamp2 and "The ordinal 942 could not be located in the dynamic link library LIBEAY.dll", you possibly have a bad version of OpenSSL that shipped with WAMP.

Upvotes: 3
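
To check the two things the answer points at (which OpenSSL build PHP is linked against, and whether the handshake itself fails on alternating attempts), here is an added diagnostic that is not part of the original question or answer. The host name and certificate path are placeholders, it assumes PHP 7 or later with the openssl extension, and verifying against the server's own self-signed certificate is this example's choice.

```php
<?php
// Added diagnostic, not the asker's or the answerer's code.
const MIN_OPENSSL = 0x009080df; // OpenSSL 0.9.8m, the minimum the answer cites

// True when the OpenSSL library PHP is linked against is at least 0.9.8m.
function openssl_is_patched(int $version = OPENSSL_VERSION_NUMBER): bool {
    return $version >= MIN_OPENSSL;
}

// Perform one TLS handshake (no HTTP request is sent) and report the outcome.
function probe_handshake(string $host, string $cafile, int $port = 443): array {
    $ctx = stream_context_create(['ssl' => [
        'cafile'           => $cafile, // trust the self-signed cert explicitly
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $host,
    ]]);
    // Collect every warning PHP raises, since the OpenSSL text is only in them.
    $warnings = [];
    set_error_handler(function ($no, $msg) use (&$warnings) {
        $warnings[] = $msg;
        return true;
    });
    $fp = stream_socket_client("ssl://$host:$port", $errno, $errstr, 20,
                               STREAM_CLIENT_CONNECT, $ctx);
    restore_error_handler();
    if ($fp === false) {
        return ['ok' => false, 'error' => "$errstr ($errno)", 'warnings' => $warnings];
    }
    $crypto = stream_get_meta_data($fp)['crypto'] ?? [];
    fclose($fp);
    return ['ok'       => true,
            'protocol' => $crypto['protocol'] ?? 'unknown',
            'cipher'   => $crypto['cipher_name'] ?? 'unknown'];
}

printf("PHP is linked against %s (%s)\n", OPENSSL_VERSION_TEXT,
       openssl_is_patched() ? 'at or above 0.9.8m' : 'older than 0.9.8m');

// Repeat the handshake to see whether failures alternate, as in the question.
$host   = 'api.example.test';              // placeholder host (assumption)
$cafile = __DIR__ . '/api-selfsigned.pem'; // placeholder path to the server cert
for ($i = 1; $i <= 6; $i++) {
    echo "attempt $i: ", json_encode(probe_handshake($host, $cafile)), "\n";
}
```

Run the same script on the API server against itself as well, so the OpenSSL versions on both ends can be compared.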
