Verify if curl is using TLS

Question

In my PHP app I use PHP\'s CURL and openssl, to connect and talk using SOAP. Until now, remote server supported SSL and TLS but because of \"poodle\" bug, admin decided to d

Answer 1

Short Answer

Make a request with curl to https://www.howsmyssl.com/

<?php 
$ch = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);

$json = json_decode($data);
echo $json->tls_version;

that should output what TLS version was used to connect.

Digging Deeper

Curl relies on the underlying OpenSSL (or NSS) library to do the negotiation of the secure connection. So I believe the right question to ask here is what is the OpenSSL library capable of. If it can handle a TLS connection, then curl can handle a TLS connection.

So how to figure out what the openssl (or NSS) library is capable of?

<?php    
$curl_info = curl_version();
echo $curl_info['ssl_version'];

which is going to dump out something like

OpenSSL/1.0.1k

Then you can go and have a look at the release notes for that version and see if it includes TLS support.

OpenSSL Release notes - https://www.openssl.org/news/changelog.html

NSS Release notes - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases

Spoiler Alert

• openssl includes support for TLS v1.1 and TLS v1.2 in OpenSSL 1.0.1 [14 Mar 2012]
• NSS included support for TLS v1.1 in 3.14
• NSS included support for TLS v1.2 in 3.15

Answer 2

Use https://tlstest.paypal.com:

For example:

$ curl https://tlstest.paypal.com/
ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2

$ ./src/curl https://tlstest.paypal.com/
PayPal_Connection_OK