CODEWITHSUNDEEP
phpsslcurlhttps
Michael
Michael

Reputation: 53

PHP Curl HTTPS SSL23_GET_SERVER_HELLO:tlsv1

I'm not able to access via curl to a https site and I'm stuck.

The url can be opened in the browser and is using the following secure connection:

The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Here the php cUrl script I'm using:

$curl = curl_init();
curl_setopt($curl,CURLOPT_URL,$Org_Input); //$Org_Input
curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3'); 
curl_setopt($curl, CURLOPT_AUTOREFERER, true); //updates the referrer
curl_setopt($curl, CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_HEADER, 1);  
curl_setopt($curl, CURLOPT_SSLVERSION, 6);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
$response= curl_exec($curl);
if (FALSE === $response) {
   echo "cUrl Error: " . curl_error($curl) . "<br><br>";
}

The script worked previously with the http url and now causes a problem if the url gets redirected to https. I believe it's linked to curl_setopt($curl, CURLOPT_SSLVERSION, 6);

I tried with the script 

for($i=0;$i<=6;$i++) {
        //if($i==2) continue;
        $ch = curl_init($Org_Input);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSLVERSION, $i);
        if(curl_exec($ch) === false)
                echo $i.': ' . curl_error($ch) . "<br>";
        else
                echo $i.': works<br>';
        echo "\n";
        curl_close($ch);
}

And I get the following error messages:

0: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

1: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version

2: Unknown SSL protocol error in connection to www.example.com:443

3: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

4: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

5: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

6: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

As the website is using "TLS 1.2" for secure connection I believe the 6 is the right value as it stands for "CURL_SSLVERSION_TLSv1_2"

But then I'm stuck with the error response: "1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version"

Somebody has any idea what could be the issue?

cUrl Version: 7.21.0 Open SSL version: OpenSSL 0.9.8q 2 Dec 2010 openssl version number: 9470239

Upvotes: 1

Views: 13522

Answers (1)

Steffen Ullrich
Steffen Ullrich

Reputation: 123280

OpenSSL 0.9.8q 2 Dec 2010

This no longer supported version of OpenSSL does not support modern protocols (TLS 1.2) and modern ciphers. Additionally it might be that the site requires the TLS SNI extension which maybe is not supported by old software.

It is unknown what exactly of these mentioned problem is really the issue since the URL of the site you reach is unknown. But I'm pretty sure that this is one of these causes and that an upgrade of OpenSSL, curl and the PHP bindings for it will solve the problem.

As the website is using "TLS 1.2" for secure connection I believe the 6 is the right value as it stands for "CURL_SSLVERSION_TLSv1_2"

Since this version of OpenSSL does not support TLS 1.2 trying to use TLS 1.2 using this setting will not solve the problem but maybe make it worse. Try to use TLS 1.0 instead since that is the most this OpenSSL version can do.

Upvotes: 2

Related Questions