PHP cURL: set SSL version

For 3 days I have not been able to connect to the PayPal sandbox. I found out that they may have dropped SSLv3 support. So I tried changing the SSL version in my curl request by setting:

curl_setopt($curl, CURLOPT_SSLVERSION,1); # 1 = TLSv1 

But it still gives me the same error:

 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure 

Any idea why the script is still using SSLv3?

I am using PHP 5.5 and the following version of curl (I am currently asking my hoster [managed hosting at 1 and 1] to upgrade to a newer version):

    curl 7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
    Protocols: dict ftp ftps file http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
    Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

+6
3 answers

The problem is that PayPal has dropped support for SSLv3, TLS 1.0 and TLS 1.1 and now only supports TLS 1.2, but the version of OpenSSL that cURL was built with (0.9.8o) does not support TLS.

At this point, you can only hope that the host can upgrade OpenSSL, cURL and PHP so that they use a newer version (1.0+) of OpenSSL.

As of now, your cURL client does not speak TLS, which is required by PayPal, and there are no options for it except updating OpenSSL.

+3

Had the same problem.

    <?php
    error_reporting(E_ALL);
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    // Certificate verification is switched off in this test script.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_VERBOSE, 1);
    curl_setopt($curl, CURLOPT_HEADER, 1);
    curl_setopt($curl, CURLOPT_URL, 'https://api-3t.sandbox.paypal.com/nvp');
    $response = curl_exec($curl);
    var_dump($response);
    exit;

Response:

    bool(false)

and no error logs!

So, I made a small script:

    <?php
    error_reporting(E_ALL);
    var_dump(file_get_contents('https://api-3t.sandbox.paypal.com/nvp'));

and here’s what I have in the logs:

    [12-Feb-2016 15:56:19] PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure in /xxx/yyy.php on line 3
    [12-Feb-2016 15:56:19] PHP Warning: file_get_contents(): Failed to enable crypto in /xxx/yyy.php on line 3
    [12-Feb-2016 15:56:19] PHP Warning: file_get_contents(https://api-3t.sandbox.paypal.com/nvp): failed to open stream: operation failed in /xxx/yyy.php on line 3

My solution was:

  • Update OpenSSL to version 1.0+.
  • Compile curl.
  • Recompile PHP with the new curl.
  • Make sure the curl SSL version is OpenSSL/(1.0+).

SSL Version OpenSSL/1.0.1e - Good

SSL Version NSS/3.13.6.0 - Bad

I work on CentOS. Here is what I did to update:

  • Update OpenSSL:

    openssl version

If it is below 1.0, run yum update openssl and make sure it is really updated.

  1. Reinstall PHP, so save the php.ini file.
  2. Keep a list of all PHP modules installed via:

    yum list installed | grep php

save the result!

  1. yum erase php
  2. yum erase php-curl
  3. yum install php
  4. yum install php-curl

  5. Restart Apache or FPM and, if you are lucky, it will work.

  6. Restore the php.ini configuration and the PHP modules: yum install php-pgsql; yum install php-gd; etc.

However, if your package repositories are outdated or you have a curl library with NSS SSL bindings installed, you can download and compile the curl library manually. I used the phpize tool bundled with the php-devel package. So my problem was:

 cURL Information 7.19.7 SSL Version NSS/3.13.6.0 

and here is how I changed it to:

 cURL Information 7.22.0 SSL Version OpenSSL/1.0.1e 

  • Update OpenSSL:

    openssl version

If it is below 1.0, run yum update openssl and make sure it is really updated.

  1. Reinstall PHP, so save the php.ini file.
  2. Keep a list of all PHP modules installed via:

    yum list installed | grep php

save the result!

  1. yum erase php
  2. yum erase php-curl
  3. yum install php-devel
  4. Print the PHP version with rpm -qa --queryformat '%{version}' php and find where you can download the exact PHP sources.
  5. After running the following bash script, a special curl library will be installed:

    #!/bin/bash
    PHP_VERSION=$(rpm -qa --queryformat '%{version}' php)
    CURL_VERSION=7.22.0
    #echo $CURL_VERSION
    #exit
    # Download the PHP and curl sources
    #wget --no-check-certificate http://mirror.cogentco.com/pub/php/php-${PHP_VERSION}.tar.gz -O /tmp/php-${PHP_VERSION}.tar.gz
    wget --no-check-certificate http://museum.php.net/php5/php-${PHP_VERSION}.tar.gz -O /tmp/php-${PHP_VERSION}.tar.gz
    wget --no-check-certificate http://curl.haxx.se/download/curl-${CURL_VERSION}.tar.gz -O /tmp/curl-${CURL_VERSION}.tar.gz
    cd /tmp; tar xzf php-${PHP_VERSION}.tar.gz
    cd /tmp; tar xzf curl-${CURL_VERSION}.tar.gz
    # Build and install curl
    cd curl-${CURL_VERSION}
    ./configure
    make
    make install
    cd /tmp; rm -rf curl-${CURL_VERSION}*
    sleep 2
    # Build and install the PHP curl extension against the new libcurl
    cd /tmp/php-${PHP_VERSION}/ext/curl/
    phpize
    ./configure
    make
    make install
    cd /tmp; rm -rf php-${PHP_VERSION}*

  6. Restart Apache or FPM and, if you are lucky, it will work.
  7. Restore the php.ini configuration and the PHP modules: yum install php-pgsql; yum install php-gd; etc.
+2
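
An added example (not from any of the answers) of the "make sure the curl SSL version is OpenSSL" check in the answer above, which also covers the first answer's point about OpenSSL 0.9.8o. It classifies only OpenSSL backends, using the fact that TLS 1.1 and 1.2 support first shipped in OpenSSL 1.0.1, and assumes the TLS backend is the token after libcurl/x.y.z in curl -V output; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not code from the answers above.
# Assumption: only OpenSSL backends are classified; TLS 1.1/1.2 support
# first shipped in OpenSSL 1.0.1. Anything else is reported as "unknown".

# Print the token after libcurl/x.y.z in the first line of `curl -V`;
# on the builds quoted on this page that token names the TLS backend.
ssl_backend_from_curl_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^libcurl\//) { print $(i + 1); exit }
    }'
}

# tls12_backend_status "<ssl_version string>"
# Prints ok | too-old | unknown and returns 0 | 1 | 2.
tls12_backend_status() {
    local ver maj min fix part
    case "$1" in
        OpenSSL/*) ver=${1#OpenSSL/} ;;
        *) echo unknown; return 2 ;;
    esac
    ver=${ver%% *}                      # keep only the version token
    IFS=. read -r maj min fix <<EOF
$ver
EOF
    fix=${fix%%[!0-9]*}                 # "1e" -> "1", "8o" -> "8"
    for part in "$maj" "$min" "$fix"; do
        case "$part" in ''|*[!0-9]*) echo unknown; return 2 ;; esac
    done
    if [ "$maj" -gt 1 ] || { [ "$maj" -eq 1 ] &&
         { [ "$min" -gt 0 ] || [ "$fix" -ge 1 ]; }; }; then
        echo ok; return 0
    fi
    echo too-old; return 1
}

# Constructed inputs: the backend strings quoted in the question and answers.
for s in "OpenSSL/0.9.8o" "OpenSSL/1.0.1e" "NSS/3.13.6.0" "OpenSSL/1.0.1f"; do
    status=$(tls12_backend_status "$s") || true
    printf '%-16s %s\n' "$s" "$status"
done
```

On a live host the input can come from php -r 'echo curl_version()["ssl_version"];', since the PHP extension may link a different libcurl than the command-line curl.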

Perfect. I wanted libcurl to use OpenSSL instead of NSS, and this helped me configure PHP's libcurl to use OpenSSL.

My CentOS 7 PHP 5.6 was using:

    php -r "print_r(curl_version());" | grep ssl_version
    [ssl_version_number] => 0
    [ssl_version] => NSS/3.19.1 Basic ECC

and after this fix it shows the following, which is what I wanted:

    php -r "print_r(curl_version());" | grep ssl_version
    [ssl_version_number] => 0
    [ssl_version] => OpenSSL/1.0.1f

Here is the revised script that I used on CentOS 7 with PHP 5.6.17:

    #!/bin/bash
    PHP_VERSION=$(rpm -qa --queryformat '%{version}' php56)
    # Rebuild the curl version that is already installed
    CURL_VERSION=$(curl -V|head -1|awk '{print $2}')
    wget --no-check-certificate http://mirror.cogentco.com/pub/php/php-5.6.17.tar.bz2 -O /tmp/php-${PHP_VERSION}.tar.bz2
    wget --no-check-certificate http://curl.haxx.se/download/curl-${CURL_VERSION}.tar.gz -O /tmp/curl-${CURL_VERSION}.tar.gz
    cd /tmp; tar xjf php-${PHP_VERSION}.tar.bz2
    cd /tmp; tar xzf curl-${CURL_VERSION}.tar.gz
    # Build and install curl
    cd curl-${CURL_VERSION}
    ./configure
    make
    make install
    cd /tmp; rm -rf curl-${CURL_VERSION}*
    sleep 2
    # Build and install the PHP curl extension against the new libcurl
    cd /tmp/php-${PHP_VERSION}/ext/curl/
    phpize
    ./configure
    make
    make install
    cd /tmp; rm -rf php-${PHP_VERSION}*
+1
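
Both build scripts on this page fetch sources with wget --no-check-certificate over plain HTTP and then run make install on them. As an added example (not part of either answer), one way to check a downloaded tarball against a published SHA-256 digest before building; the function names are hypothetical, sha256sum is assumed to be available, and the expected digest must come from the project's release page.

```shell
#!/bin/bash
# Added example, not part of the answers' scripts.
# Assumptions: sha256sum (coreutils) is installed; the expected digest is
# the one published for the release being built.

# verify_sha256 <file> <expected hex digest>
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    local file=$1 expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        *[!0-9a-f]*) echo "bad digest format" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file" >&2
        return 1
    fi
}

# fetch_verified <https url> <dest> <expected sha256>
# Downloads with certificate checking on and deletes the file on mismatch,
# so a later ./configure && make never sees unverified sources.
fetch_verified() {
    case "$1" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL" >&2; return 2 ;;
    esac
    wget -q "$1" -O "$2" || { rm -f "$2"; return 3; }
    verify_sha256 "$2" "$3" || { rm -f "$2"; return 1; }
}

# Offline demonstration on a constructed file standing in for a tarball.
demo() {
    local dir good rc=0
    dir=$(mktemp -d)
    printf 'constructed sample payload\n' > "$dir/sample.tar.gz"
    good=$(sha256sum "$dir/sample.tar.gz" | awk '{print $1}')
    verify_sha256 "$dir/sample.tar.gz" "$good" || rc=10
    printf 'tampered\n' >> "$dir/sample.tar.gz"
    verify_sha256 "$dir/sample.tar.gz" "$good" 2>/dev/null && rc=11
    rm -rf "$dir"
    return "$rc"
}
demo && echo "verification behaves as expected"
```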