PHP CURL doesn't finish request

Question

I'm using curl library on PHP7.2 for to send request on website. this is the link:

https://pje.trt15.jus.br/pje-consulta-api/api/processos/dadosbasicos/00114894220185150137

If send the request using the cURL on terminal, I get theses headers and response:

curl https://pje.trt15.jus.br/pje-consulta-api/api/processos/dadosbasicos/00114894220185150137 -H "x-grau-instancia: 2" -v

*   Trying 23.46.150.41...
* TCP_NODELAY set
* Connected to pje.trt15.jus.br (23.46.150.41) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=www.trt15.jus.br
*  start date: Sep 28 17:24:47 2021 GMT
*  expire date: Dec 27 17:24:46 2021 GMT
*  subjectAltName: host "pje.trt15.jus.br" matched cert's "pje.trt15.jus.br"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x55c5a2365600)
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):

\> GET /pje-consulta-api/api/processos/dadosbasicos/00114894220185150137 HTTP/2
> Host: pje.trt15.jus.br
> User-Agent: curl/7.58.0
> Accept: */*
> x-grau-instancia: 2
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 200
< x-request-id: c85077d1-ce68-4ce5-8e88-744203769ea7
< content-type: application/json
< content-length: 150
< x-frame-options: SAMEORIGIN
< strict-transport-security: max-age=15768000; includeSubDomains; preload
< x-content-type-options: nosniff
< referrer-policy: no-referrer-when-downgrade
< feature-policy: camera 'none'; microphone 'none'
< expires: Mon, 22 Nov 2021 17:10:48 GMT
< cache-control: max-age=0, no-cache, no-store
< pragma: no-cache
< date: Mon, 22 Nov 2021 17:10:48 GMT
< server-timing: cdn-cache; desc=MISS
< server-timing: edge; dur=115
< server-timing: origin; dur=10
<
* Connection #0 to host pje.trt15.jus.br left intact

But, if I use the php library, the header is other, and the request don't finish

*   Trying 23.46.150.41...
* TCP_NODELAY set
* Connected to pje.trt15.jus.br (23.46.150.41) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: DEFAULT:!DH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=www.trt15.jus.br
*  start date: Sep 28 17:24:47 2021 GMT
*  expire date: Dec 27 17:24:46 2021 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.

\> GET /pje-consulta-api/api/processos/dadosbasicos/00114894220185150137 HTTP/1.1
Host: pje.trt15.jus.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
content-type: application/json
x-grau-instancia: 2

UPDATE 1

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://pje.trt15.jus.br/pje-consulta-api/api/processos/dadosbasicos/00114894220185150137');
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER,['x-grau-instancia: 1']);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'DEFAULT:!DH');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, ' Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36');
curl_setopt($ch, CURLOPT_VERBOSE, true);
$ping = curl_exec($ch);

Why the curl library don't continue with HTTP2 request? Why the hedaers is different?

Answer 1

Since the server uses TSL1.3 you may try specifing a value with curl_setopt for CURLOPT_TLS13_CIPHERS

From the manual

The list of cipher suites to use for the TLS 1.3 connection. The list must be syntactically correct, it consists of one or more cipher suite strings separated by colons. This option is currently used only when curl is built to use OpenSSL 1.1.1 or later. If you are using a different SSL backend you can try setting TLS 1.3 cipher suites by using the CURLOPT_SSL_CIPHER_LIST option.

Note that there a three requirements:

Available since PHP 7.3.0

libcurl >= cURL 7.61.0.

Available when built with OpenSSL >= 1.1.1.