Reputation: 5720
Searching around the internet, I have found the following script to determine the versions I'm using on my server:
<?php
function get_tls_version($sslversion = null)
{
    $c = curl_init();
    curl_setopt($c, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
    if ($sslversion !== null) {
        curl_setopt($c, CURLOPT_SSLVERSION, $sslversion);
    }
    $rbody = curl_exec($c);
    if ($rbody === false) {
        $errno = curl_errno($c);
        $msg = curl_error($c);
        curl_close($c);
        return "Error! errno = " . $errno . ", msg = " . $msg;
    } else {
        $r = json_decode($rbody);
        curl_close($c);
        return $r->tls_version;
    }
}

echo "<pre>\n";
echo "OS: " . PHP_OS . "\n";
echo "uname: " . php_uname() . "\n";
echo "PHP version: " . phpversion() . "\n";
$curl_version = curl_version();
echo "curl version: " . $curl_version["version"] . "\n";
echo "SSL version: " . $curl_version["ssl_version"] . "\n";
echo "SSL version number: " . $curl_version["ssl_version_number"] . "\n";
echo "OPENSSL_VERSION_NUMBER: " . dechex(OPENSSL_VERSION_NUMBER) . "\n";
echo "TLS test (default): " . get_tls_version() . "\n";
echo "TLS test (TLS_v1): " . get_tls_version(1) . "\n";
echo "TLS test (TLS_v1_2): " . get_tls_version(6) . "\n";
echo "</pre>\n";
?>
The script provides the following result:
OS: Linux
uname: Linux ....
PHP version: 5.6.11
curl version: 7.19.7
SSL version: NSS/3.27.1
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.0
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2
Note that I'm limited in performing system or packages upgrades. And I'm on a CentOS release 6.6 (Final) server.
How can I set in PHP (since it's available) TLS test (default): TLS 1.0 to become TLS 1.2?
I would like to avoid setting something like:
curl_setopt ($curl, CURLOPT_SSLVERSION, 6);
// 5 (for CURL_SSLVERSION_TLSv1_1) or 6 (for CURL_SSLVERSION_TLSv1_2)
...every time I need to instantiate a curl in my PHP project.
I would like to override the default SSLVERSION used by PHP instead (somewhere, where?)
Upvotes: 0
Views: 2998
Reputation: 4363
No, there is no global option to force curl to use tls1.2/tls1.3 (no global variable, no global function, no global ini configuration). You may patch the curl extension to meet your requirement but you said you are limited in performing system or packages upgrades.
A possible method is to write your own curl_init, e.g.:
function curl_init_tls12()
{
    $c = curl_init();
    curl_setopt($c, CURLOPT_SSLVERSION, ...);
    return $c;
}
And remember to use your own curl_init_tls13 everywhere.
Upvotes: 1
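A fuller version of the wrapper approach from the answer above, as an added example that is not code from the original posts: the factory pins CURLOPT_SSLVERSION and refuses caller overrides, and a token-based scan reports code that still calls curl_init() directly. The function parameters and the find_direct_curl_init() helper are assumptions; the numeric value 6 is the one the question gives for TLS 1.2.

```php
<?php
// Added example, not the answerer's code. curl_init_tls12() is the name used
// in the answer; its parameters and find_direct_curl_init() are assumptions.

function curl_init_tls12($url = null, array $options = array())
{
    // The wrapper owns the protocol version; callers may not pass their own.
    if (array_key_exists(CURLOPT_SSLVERSION, $options)) {
        throw new InvalidArgumentException('CURLOPT_SSLVERSION is fixed by curl_init_tls12()');
    }
    // 6 is the value the question gives for CURL_SSLVERSION_TLSv1_2; the named
    // constant can be missing when PHP was built against an older libcurl.
    $options[CURLOPT_SSLVERSION] = defined('CURL_SSLVERSION_TLSv1_2') ? CURL_SSLVERSION_TLSv1_2 : 6;

    $c = ($url === null) ? curl_init() : curl_init($url);
    if ($c === false) {
        throw new RuntimeException('curl_init() failed');
    }
    if (!curl_setopt_array($c, $options)) {
        curl_close($c);
        throw new RuntimeException('could not apply options to curl handle');
    }
    return $c;
}

// Build-time check for the "use it everywhere" part: returns "file:line" for
// each curl_init name token found outside the wrapper's own file.
function find_direct_curl_init($dir, $wrapperFile)
{
    $hits = array();
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        $path = $file->getPathname();
        if ($file->getExtension() !== 'php' || realpath($path) === realpath($wrapperFile)) {
            continue;
        }
        foreach (token_get_all(file_get_contents($path)) as $t) {
            // Strings keep their quotes and comments their markers, so only a
            // bare (optionally \-prefixed) function name matches here.
            if (is_array($t) && strtolower(ltrim($t[1], '\\')) === 'curl_init') {
                $hits[] = $path . ':' . $t[2];
            }
        }
    }
    return $hits;
}
```

A non-empty result from find_direct_curl_init() can fail a build step. The wrapper cannot stop later curl_setopt() calls on the returned handle, so a similar scan for CURLOPT_SSLVERSION outside the wrapper file is a useful companion check.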