I am having trouble curling an HTTPS url that uses TLS1.2, in my curl operation I post my login data into the website and save it in cookiefile. The error message I am getting is this
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
I have tried setting VERIFYPEER and VERIFYHOST to 0 but that does not seem to work, any suggestions?
Here are the versions I am using:
Here is the code:
$setuplogin = curl_init();
curl_setopt ($setuploginurl, CURLOPT_URL, $url);
curl_setopt ($setuploginurl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt ($setuploginurl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt ($setuploginurl, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2');
curl_setopt ($setuploginurl, CURLOPT_POSTFIELDS, 'username=uname&password=pword&act=login&submit=Login');
curl_setopt ($setuploginurl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36");
curl_setopt (setuploginurl, CURLOPT_TIMEOUT, 60);
curl_setopt ($setuploginurl, CURLOPT_COOKIESESSION, TRUE);
curl_setopt ($setuploginurl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($setuploginurl, CURLOPT_HEADER, 1);
curl_setopt ($setuploginurl,CURLOPT_ENCODING,"gzip");
curl_setopt ($setuploginurl, CURLOPT_POST, true);
curl_setopt ($setuploginurl, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt ($setuploginurl, CURLOPT_FRESH_CONNECT , 1);
$loginp= curl_exec($setuploginurl);
if ($loginp === FALSE) {
die(curl_error($setuploginurl));
}
curl_close ($setuploginurl);
var_dump ($loginp);
I has similar problem in context of Stripe:
Error: Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.
Forcing TLS 1.2 using CURL parameter is temporary solution or even it can't be applied because of lack of room to place an update. By default TLS test function https://gist.github.com/olivierbellone/9f93efe9bd68de33e9b3a3afbd3835cf showed following configuration:
SSL version: NSS/3.21 Basic ECC
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.0
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2
I updated libraries using following command:
yum update nss curl openssl
and then saw this:
SSL version: NSS/3.21 Basic ECC
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.2
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2
Please notice that default TLS version changed to 1.2! That globally solved problem. This will help PayPal users too: https://www.paypal.com/au/webapps/mpp/tls-http-upgrade (update before end of June 2017)
Replace following
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2');
With
curl_setopt ($ch, CURLOPT_SSLVERSION, 6);
Should work flawlessly.
TLS 1.1 and TLS 1.2 are supported since OpenSSL 1.0.1
Forcing TLS 1.1 and 1.2 are only supported since curl 7.34.0
You should consider an upgrade.
You must use an integer value for the CURLOPT_SSLVERSION value, not a string as listed above
Try this:
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 6); //Integer NOT string TLS v1.2
http://php.net/manual/en/function.curl-setopt.php
value should be an integer for the following values of the option parameter:
CURLOPT_SSLVERSION
One of
CURL_SSLVERSION_DEFAULT (0)
CURL_SSLVERSION_TLSv1 (1)
CURL_SSLVERSION_SSLv2 (2)
CURL_SSLVERSION_SSLv3 (3)
CURL_SSLVERSION_TLSv1_0 (4)
CURL_SSLVERSION_TLSv1_1 (5)
CURL_SSLVERSION_TLSv1_2 (6).
TLS 1.2 is only supported since OpenSSL 1.0.1 (see the Major version releases section), you have to update your OpenSSL.
It is not necessary to set the CURLOPT_SSLVERSION option. The request involves a handshake which will apply the newest TLS version both server and client support. The server you request is using TLS 1.2, so your php_curl will use TLS 1.2 (by default) as well if your OpenSSL version is (or newer than) 1.0.1.
Source: Stackoverflow.com