我有一个cURL请求在通过我的PHP 5.4.48应用程序运行时失败。有趣的是,它直接通过控制台或Postman运行时正确执行。
我连接的API需要一个TLSv1.2连接,我在我的应用程序中指定。
这是我的简单请求,因为它在我的PHP应用程序中:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://dev-dataconnect.givex.com:50104');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$payload);
curl_setopt($ch, CURLOPT_POST, 1 );
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/plain;charset=UTF-8'));
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
// curl_setopt($ch, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2'); // specifying value by name was of no help
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLS_RSA_WITH_AES_256_CBC_SHA256');
curl_exec($ch);
原始cURL请求看起来像这样(注意这会从控制台中成功触发)
curl 'https://dev-dataconnect.givex.com:50104/' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36' -H 'Content-Type: text/plain;charset=UTF-8' -H 'Accept: */*' -H 'Cache-Control: no-cache' -H 'Connection: keep-alive' --data-binary $'{"method":"dc_909","id":"confidential","jsonrpc":"2.0","params":["en","confidential","29530","confidential"]}\n' --compressed
另请注意,我没有为成功的握手指定SSL版本
以下是运行curl -v' https://dev-dataconnect.givex.com:50104/'
的打印输出* Connected to dev-dataconnect.givex.com (72.15.49.106) port 50104 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA256
* Server certificate: *.givex.com
* Server certificate: Trustwave Organization Validation SHA256 CA, Level 1
* Server certificate: SecureTrust CA
> GET / HTTP/1.1
> Host: dev-dataconnect.givex.com:50104
> User-Agent: curl/7.43.0
> Accept: */*
我正在跑步
- PHP 5.4.48
- curl 7.43.0 (within both my MAMP and my Mac environments)
- OpenSSL/0.9.8zd (within both my MAMP and my Mac environments)
自上周以来,我一直在对此问题进行排查。任何想法???
答案 0 :(得分:2)
- OpenSSL / 0.9.8zd(在我的MAMP和我的Mac环境中)
...
我正在连接的API需要一个TLSv1.2连接,我在我的应用程序中指定。
OpenSSL 0.9.8不支持TLS 1.2。仅在OpenSSL 1.0.1中添加了支持。
答案 1 :(得分:0)
以下代码适用于我:
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_PORT => "50104",
CURLOPT_URL => "https://dev-dataconnect.givex.com:50104/",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"method\":\"dc_909\",\"id\":\"confidential\",\"jsonrpc\":\"2.0\",\"params\":[\"en\",\"confidential\",\"29530\",\"confidential\"]}",
CURLOPT_HTTPHEADER => array(
"accept: */*",
"accept-encoding: gzip, deflate",
"accept-language: en-US,en;q=0.8",
"cache-control: no-cache",
"connection: keep-alive",
"content-type: text/plain;charset=UTF-8",
"user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
?>
答案 2 :(得分:0)
第1步:打开phpinfo()
第2步:转到cUrl
部分
第3步:检查SSL
是否已启用。如果不是,您将面临Unsupported SSL Protocol
错误。
解决方案:
尝试在MAMP中启用SSL或安装最新版本的MAMP
答案 3 :(得分:0)
我今天偶然发现了这个错误,但发现了不同的味道。一个旧站点正在使用 TLSv1.0,自从升级到 Ubuntu 20.04 以来,我们无法访问它。修复是
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'DEFAULT@SECLEVEL=1');