发表新帖
发表新帖

TLS 1.2 not working in cURL

后端 未结
关注
5 1263
有刺的猬
有刺的猬 2020-11-27 17:28

I am having trouble curling an HTTPS url that uses TLS1.2, in my curl operation I post my login data into the website and save it in cookiefile. The error message I am getti

相关标签:
5条回答
  • 渐次进展
    2020-11-27 17:45

    TLS 1.1 and TLS 1.2 are supported since OpenSSL 1.0.1

    Forcing TLS 1.1 and 1.2 are only supported since curl 7.34.0

    You should consider an upgrade.

    0 讨论(0)
  • 失恋的感觉
    2020-11-27 17:48

    I has similar problem in context of Stripe:

    Error: Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.

    Forcing TLS 1.2 using CURL parameter is temporary solution or even it can't be applied because of lack of room to place an update. By default TLS test function https://gist.github.com/olivierbellone/9f93efe9bd68de33e9b3a3afbd3835cf showed following configuration:

    SSL version: NSS/3.21 Basic ECC
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.0
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2

    I updated libraries using following command:

    yum update nss curl openssl

    and then saw this:

    SSL version: NSS/3.21 Basic ECC
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.2
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2

    Please notice that default TLS version changed to 1.2! That globally solved problem. This will help PayPal users too: https://www.paypal.com/au/webapps/mpp/tls-http-upgrade (update before end of June 2017)

    0 讨论(0)
  • Happy的楠姐
    2020-11-27 17:48

    Replace following

    curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2');

    With

    curl_setopt ($ch, CURLOPT_SSLVERSION, 6);

    Should work flawlessly.

    0 讨论(0)
  • 我在风中等你
    2020-11-27 17:52

    TLS 1.2 is only supported since OpenSSL 1.0.1 (see the Major version releases section), you have to update your OpenSSL.

    It is not necessary to set the CURLOPT_SSLVERSION option. The request involves a handshake which will apply the newest TLS version both server and client support. The server you request is using TLS 1.2, so your php_curl will use TLS 1.2 (by default) as well if your OpenSSL version is (or newer than) 1.0.1.

    0 讨论(0)
  • -上瘾入骨i
    2020-11-27 17:54

    You must use an integer value for the CURLOPT_SSLVERSION value, not a string as listed above

    Try this:

    curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 6); //Integer NOT string TLS v1.2

    http://php.net/manual/en/function.curl-setopt.php

    value should be an integer for the following values of the option parameter: CURLOPT_SSLVERSION

    One of

    CURL_SSLVERSION_DEFAULT (0)
    CURL_SSLVERSION_TLSv1 (1)
    CURL_SSLVERSION_SSLv2 (2)
    CURL_SSLVERSION_SSLv3 (3)
    CURL_SSLVERSION_TLSv1_0 (4)
    CURL_SSLVERSION_TLSv1_1 (5)
    CURL_SSLVERSION_TLSv1_2 (6).

    0 讨论(0)
 看不清?
提交回复
热议问题