cURL不支持的SSL协议

时间:2016-01-21 01:55:10

标签: php ssl curl tls1.2

我有一个cURL请求在通过我的PHP 5.4.48应用程序运行时失败。有趣的是,它直接通过控制台或Postman运行时正确执行。

我连接的API需要一个TLSv1.2连接,我在我的应用程序中指定。

这是我的简单请求,因为它在我的PHP应用程序中:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://dev-dataconnect.givex.com:50104');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$payload);

curl_setopt($ch, CURLOPT_POST, 1 );
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/plain;charset=UTF-8')); 
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
// curl_setopt($ch, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2'); // specifying value by name was of no help
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLS_RSA_WITH_AES_256_CBC_SHA256');

curl_exec($ch);

原始cURL请求看起来像这样(注意这会从控制台中成功触发)

curl 'https://dev-dataconnect.givex.com:50104/' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36' -H 'Content-Type: text/plain;charset=UTF-8' -H 'Accept: */*' -H 'Cache-Control: no-cache' -H 'Connection: keep-alive' --data-binary $'{"method":"dc_909","id":"confidential","jsonrpc":"2.0","params":["en","confidential","29530","confidential"]}\n' --compressed

另请注意,我没有为成功的握手指定SSL版本

以下是运行curl -v' https://dev-dataconnect.givex.com:50104/'

的打印输出
* Connected to dev-dataconnect.givex.com (72.15.49.106) port 50104 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA256
* Server certificate: *.givex.com
* Server certificate: Trustwave Organization Validation SHA256 CA, Level 1
* Server certificate: SecureTrust CA
> GET / HTTP/1.1
> Host: dev-dataconnect.givex.com:50104
> User-Agent: curl/7.43.0
> Accept: */*

我正在跑步

 - PHP 5.4.48
 - curl 7.43.0 (within both my MAMP and my Mac environments)
 - OpenSSL/0.9.8zd (within both my MAMP and my Mac environments)

自上周以来,我一直在对此问题进行排查。任何想法???

4 个答案:

答案 0 :(得分:2)

  
      
  • OpenSSL / 0.9.8zd(在我的MAMP和我的Mac环境中)
  •   
     

...

     

我正在连接的API需要一个TLSv1.2连接,我在我的应用程序中指定。

OpenSSL 0.9.8不支持TLS 1.2。仅在OpenSSL 1.0.1中添加了支持。

答案 1 :(得分:0)

以下代码适用于我:

<?php
$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_PORT => "50104",
  CURLOPT_URL => "https://dev-dataconnect.givex.com:50104/",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\"method\":\"dc_909\",\"id\":\"confidential\",\"jsonrpc\":\"2.0\",\"params\":[\"en\",\"confidential\",\"29530\",\"confidential\"]}",
  CURLOPT_HTTPHEADER => array(
    "accept: */*",
    "accept-encoding: gzip, deflate",
    "accept-language: en-US,en;q=0.8",
    "cache-control: no-cache",
    "connection: keep-alive",
    "content-type: text/plain;charset=UTF-8",
    "user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
    echo "cURL Error #:" . $err;
} else {
    echo $response;
}
?>

答案 2 :(得分:0)

第1步:打开phpinfo()

第2步:转到cUrl部分

第3步:检查SSL是否已启用。如果不是,您将面临Unsupported SSL Protocol错误。

解决方案:

尝试在MAMP中启用SSL或安装最新版本的MAMP

enter image description here

答案 3 :(得分:0)

我今天偶然发现了这个错误,但发现了不同的味道。一个旧站点正在使用 TLSv1.0,自从升级到 Ubuntu 20.04 以来,我们无法访问它。修复是

 curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'DEFAULT@SECLEVEL=1');