Gareth

Reputation: 11

PHP Curl Error on SSL Page

A PHP script I have been using for a while to retrieve the contents of a particular SSL webpage has suddenly started failing, and throwing the following error (the page has always been an SSL page):

cUrl error (#35): error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Verbose information:
* Adding handle: conn: 0x1da38f0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1da38f0) send_pipe: 1, recv_pipe: 0
* About to connect() to www.oddschecker.com port 443 (#0)
*   Trying 35.201.89.239...
* Connected to www.oddschecker.com (35.201.89.239) port 443 (#0)
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection 0

Webpage in question:
https://www.oddschecker.com/golf/open-championship/2018-open-championship/winner

Code:

function get_data($url)
{
    $ch = curl_init();
    $timeout = 5; // connect timeout in seconds
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0");
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    // Disables certificate verification; the server's identity is not checked.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    $data = curl_exec($ch); // false on failure
    curl_close($ch);
    return $data;
}

I have tried a few different proposed solutions from Google, in terms of setting different curl_setopt parameters, but no luck so far. Any suggestions would be greatly appreciated.

Local Windows PHP Installation
PHP Version: 5.3.28
Curl Version: 7.30.0
SSL Version: OpenSSL/0.9.8y

Upvotes: 1

Views: 8954

Answers (2)

BA_Webimax

Reputation: 2679

Looks like it's time for an update. The site you are trying to connect to has secured their communications by dropping support for the older, insecure protocols like SSL2, SSL3 and TLS1. You can see that for yourself here: https://www.ssllabs.com/ssltest/analyze.html?d=www.oddschecker.com

You are using a version of OpenSSL that is ancient by Internet standards and is considered to be very insecure as it contains a multitude of vulnerabilities. The TLS 1.1 and 1.2 protocols were added in OpenSSL v1.0.1.

Changes between 1.0.0h and 1.0.1 [14 Mar 2012]
...
*) Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don't know the hash algorithm to use until after the certificate request message is received. [Steve Henson]

*) Initial TLS v1.2 client support. Add a default signature algorithms extension including all the algorithms we support. Parse new signature format in client key exchange. Relax some ECC signing restrictions for TLS v1.2 as indicated in RFC5246. [Steve Henson]
...

https://www.openssl.org/news/cl102.txt

It won't hurt to update the rest of your stack as well.

Upvotes: 1

naturaljoin

Reputation: 475

You can try to set the TLS to use a more modern version (1.2) by adding:

curl_setopt($ch, CURLOPT_SSLVERSION, 6);

See curl_setopt's CURLOPT_SSLVERSION for other values.

Upvotes: 0
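The two answers combined, as an added example (not code from the question or from either answer): before forcing TLS 1.2 with CURLOPT_SSLVERSION, check that the local libcurl and OpenSSL builds can speak it, and keep certificate verification on. The helper name tls12_problems() is hypothetical, and the libcurl 7.34.0 threshold for accepting value 6 is a fact about libcurl that is not stated on this page.

```php
<?php
// Added example; not the asker's or the answerers' code.

/**
 * Return the reasons (if any) why this client cannot negotiate TLS 1.2.
 * $cv has the shape returned by curl_version().
 * Thresholds: libcurl accepts CURLOPT_SSLVERSION = 6 from 7.34.0;
 * OpenSSL gained TLS 1.1/1.2 in 1.0.1.
 */
function tls12_problems(array $cv)
{
    $problems = array();
    if (version_compare($cv['version'], '7.34.0', '<')) {
        $problems[] = "libcurl {$cv['version']} does not accept CURLOPT_SSLVERSION 6 (needs 7.34.0)";
    }
    // ssl_version looks like "OpenSSL/0.9.8y"; other TLS backends are not judged here.
    if (preg_match('#^OpenSSL/(\d+\.\d+\.\d+)#', $cv['ssl_version'], $m)
        && version_compare($m[1], '1.0.1', '<')) {
        $problems[] = "OpenSSL {$m[1]} has no TLS 1.1/1.2 support (needs 1.0.1)";
    }
    return $problems;
}

function get_data($url)
{
    $problems = tls12_problems(curl_version());
    if ($problems) {
        throw new RuntimeException('Cannot negotiate TLS 1.2: ' . implode('; ', $problems));
    }
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_SSLVERSION, 6);        // CURL_SSLVERSION_TLSv1_2
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // verify the certificate chain
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // verify the hostname in the certificate
    $data = curl_exec($ch);
    if ($data === false) {
        $err = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("cURL error: $err");
    }
    curl_close($ch);
    return $data;
}

// Constructed sample: the versions reported in the question.
$asker = array('version' => '7.30.0', 'ssl_version' => 'OpenSSL/0.9.8y');
print_r(tls12_problems($asker));
print_r(tls12_problems(curl_version())); // the machine this runs on
```

With verification enabled, a Windows PHP install also needs a CA bundle configured (for example via the curl.cainfo setting in php.ini) for the handshake to succeed.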
