带有cURL的PHP​​脚本在一台服务器上运行...不适用于其他服务器

Question

提前感谢您的帮助。这是我的问题：

我有一个双节点服务器配置，其中两个服务器（应该）完全相同。两者都安装了PHP。我能够在一个节点上完美地运行我的cURL PHP脚本，但不能在另一个节点上运行。以下是两个实例的详细（调试）输出：

已知工作（节点2）：

stderr=* About to connect() to company.sharepoint.com port 443
*   Trying 191.234.148.26... * connected
* Connected to company.sharepoint.com (191.234.148.26) port 443
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using AES256-SHA
* Server certificate:
*        subject: /C=US/ST=WA/L=Redmond/O=Microsoft/CN=*.sharepoint.com
*        start date: 2014-04-14 22:01:07 GMT
*        expire date: 2016-04-13 22:01:07 GMT
*        subjectAltName: company.sharepoint.com matched
*        issuer: /DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
* SSL certificate verify ok.
> POST /_forms/default.aspx?wa=wsignin1.0 HTTP/1.1
Host: company.sharepoint.com
Accept: */*
Content-Length: 1021
Content-Type: application/x-www-form-urlencoded

错误（节点1）：

* About to connect() to company.sharepoint.com port 443
*   Trying 191.234.148.26... * connected
* Connected to company.sharepoint.com (191.234.148.26) port 443
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Unknown SSL protocol error in connection to company.sharepoint.com:443 
* Closing connection #0
PHP Fatal error:  Uncaught exception 'Exception' with message 'Curl error: Unknown SSL     protocol error in connection to company.sharepoint.com:443 ' in     /opt/CLA2/sharepoint/sharepoint.php:391
Stack trace:
#0 /opt/CLA2/sharepoint/sharepoint.php(39): getAuthCookies('t=EwDwAk6hBwAUG...', 'https://paychex...', '1')
#1 {main}
   thrown in /opt/CLA2/sharepoint/sharepoint.php on line 391

有什么建议吗？我很困惑为什么两个据称相同的节点会有不同的结果。

再次感谢您的帮助！

Answer 1

Unknown SSL protocol error表示SSL协商失败。这可能是由于不兼容的密码或SSL版本。您可以尝试显式设置密码和版本以解决此问题。

使用Qualys SSLtest，支持的密码为：

TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5

支持的版本为SSLv3和TLSv1。

所以你可以做到

curl_setopt($handle, CURLOPT_SSLVERSION, 3);
curl_setopt($handle, CURLOPT_SSL_CIPHER, 'TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_3DES_EDE_CBC_SHA');