Update PHP cURL request from SSLv3 to TLS..?

Question

Because of the recent vulnerability discovered in SSLv3, many web service providers (ie. PayPal, Facebook, Google) are disabling that and wanting us to use TLS instead. I\'

Answer 1

A better solution until Paypal updates its core SDK would be to override the CURLOPT_SSL_CIPHER_LIST directly in your application. This way you don't have to interfere with the sdk-core-php package directly and you will be free to upgrade it in future.

You could add something like the following to your app's bootstrap or payment processing logic:

PPHttpConfig::$DEFAULT_CURL_OPTS[CURLOPT_SSL_CIPHER_LIST] = 'TLSv1';

Just make sure you comment it thoroughly and remember to take it out later when the issue has been patched in the core.

Answer 2

I just resolved updating nss library via terminal.

Answer 3

Copied from: SSL error can not change to TLS

Try add curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1'); to your code.

This will work if you cURL is OpenSSL libssl based but not if nss based.

Answer 4

If the above does not help, check OPENSSL version. Its likely because of OPENSSL version <= 0.9.8. Updating to PHP7 helps, which comes with higher version of OPENSSL.