php TLS 1.2 在 cURL 中不起作用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30145089/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
TLS 1.2 not working in cURL
提问by Sam Ash
I am having trouble curling an HTTPS url that uses TLS1.2, in my curl operation I post my login data into the website and save it in cookiefile. The error message I am getting is this
我在卷曲使用 TLS1.2 的 HTTPS url 时遇到问题,在我的 curl 操作中,我将登录数据发布到网站并将其保存在 cookiefile 中。我收到的错误信息是这样的
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
I have tried setting VERIFYPEERand VERIFYHOSTto 0 but that does not seem to work, any suggestions?
我试过将VERIFYPEER和设置VERIFYHOST为 0 但这似乎不起作用,有什么建议吗?
Here are the versions I am using:
以下是我正在使用的版本:
- OpenSSL version is 0.9.8b
- CURL version is 7.24.0
- PHP is 5.3
- OpenSSL 版本是 0.9.8b
- CURL 版本是 7.24.0
- PHP 是 5.3
Here is the code:
这是代码:
$setuplogin = curl_init();
curl_setopt ($setuploginurl, CURLOPT_URL, $url);
curl_setopt ($setuploginurl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt ($setuploginurl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt ($setuploginurl, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2');
curl_setopt ($setuploginurl, CURLOPT_POSTFIELDS, 'username=uname&password=pword&act=login&submit=Login');
curl_setopt ($setuploginurl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36");
curl_setopt (setuploginurl, CURLOPT_TIMEOUT, 60);
curl_setopt ($setuploginurl, CURLOPT_COOKIESESSION, TRUE);
curl_setopt ($setuploginurl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($setuploginurl, CURLOPT_HEADER, 1);
curl_setopt ($setuploginurl,CURLOPT_ENCODING,"gzip");
curl_setopt ($setuploginurl, CURLOPT_POST, true);
curl_setopt ($setuploginurl, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt ($setuploginurl, CURLOPT_FRESH_CONNECT , 1);
$loginp= curl_exec($setuploginurl);
if ($loginp === FALSE) {
die(curl_error($setuploginurl));
}
curl_close ($setuploginurl);
var_dump ($loginp);
回答by Jeff
You must use an integer value for the CURLOPT_SSLVERSIONvalue, nota string as listed above
您必须使用整数值作为CURLOPT_SSLVERSION值,而不是上面列出的字符串
Try this:
尝试这个:
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 6); //Integer NOT string TLS v1.2
http://php.net/manual/en/function.curl-setopt.php
http://php.net/manual/en/function.curl-setopt.php
value should be an integer for the following values of the option parameter:
CURLOPT_SSLVERSION
对于选项参数的以下值,值应该是整数:
CURLOPT_SSLVERSION
One of
之一
CURL_SSLVERSION_DEFAULT (0)
CURL_SSLVERSION_TLSv1 (1)
CURL_SSLVERSION_SSLv2 (2)
CURL_SSLVERSION_SSLv3 (3)
CURL_SSLVERSION_TLSv1_0 (4)
CURL_SSLVERSION_TLSv1_1 (5)
CURL_SSLVERSION_TLSv1_2 (6).
CURL_SSLVERSION_DEFAULT (0)
CURL_SSLVERSION_TLSv1 (1)
CURL_SSLVERSION_SSLv2 (2)
CURL_SSLVERSION_SSLv3 (3)
CURL_SSLVERSION_TLSv1_0 (4)
CURL_SSLVERSION_TLSv1_1 (5)
CURL_SSLVERSION_SSLv3 ( 5) CURL_SSLVERSION_SSLv3 (3)
回答by umka
TLS 1.1 and TLS 1.2 are supported since OpenSSL 1.0.1
自OpenSSL 1.0.1起支持 TLS 1.1 和 TLS 1.2
Forcing TLS 1.1 and 1.2 are only supported since curl 7.34.0
从curl 7.34.0 开始仅支持强制 TLS 1.1 和 1.2
You should consider an upgrade.
你应该考虑升级。
回答by Tomasz Dobrzyński
I has similar problem in context of Stripe:
我在 Stripe 的上下文中遇到了类似的问题:
Error: Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.
错误:Stripe 不再支持使用 TLS 1.0 发出的 API 请求。请使用 TLS 1.2 或更高版本启动 HTTPS 连接。您可以在https://stripe.com/blog/upgrading-tls了解更多相关信息。
Forcing TLS 1.2 using CURL parameter is temporary solution or even it can't be applied because of lack of room to place an update. By default TLS test function https://gist.github.com/olivierbellone/9f93efe9bd68de33e9b3a3afbd3835cfshowed following configuration:
强制使用 CURL 参数的 TLS 1.2 是临时解决方案,甚至由于缺乏放置更新的空间而无法应用。默认 TLS 测试函数https://gist.github.com/olivierbellone/9f93efe9bd68de33e9b3a3afbd3835cf显示如下配置:
SSL version: NSS/3.21 Basic ECC
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.0
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2
I updated libraries using following command:
我使用以下命令更新了库:
yum update nss curl openssl
yum 更新 nss curl openssl
and then saw this:
然后看到了这个:
SSL version: NSS/3.21 Basic ECC
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.2
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2
Please notice that default TLS version changed to 1.2! That globally solved problem. This will help PayPal users too: https://www.paypal.com/au/webapps/mpp/tls-http-upgrade(update before end of June 2017)
请注意默认 TLS 版本更改为 1.2!这在全球范围内解决了问题。这也将有助于 PayPal 用户:https: //www.paypal.com/au/webapps/mpp/tls-http-upgrade(在 2017 年 6 月底之前更新)
回答by shintaroid
TLS 1.2is only supported since OpenSSL 1.0.1(see the Major version releases section), you have to update your OpenSSL.
TLS 1.2仅受支持OpenSSL 1.0.1(请参阅主要版本发布部分),您必须更新您的OpenSSL.
It is not necessary to set the CURLOPT_SSLVERSIONoption. The request involves a handshake which will apply the newest TLSversion both server and client support. The server you request is using TLS 1.2, so your php_curlwill use TLS 1.2(by default) as well if your OpenSSLversion is (or newer than) 1.0.1.
不需要设置该CURLOPT_SSLVERSION选项。该请求涉及握手,这将应用TLS服务器和客户端支持的最新版本。您请求的服务器正在使用TLS 1.2,因此如果您的版本是(或更新于),您php_curl也将使用TLS 1.2(默认情况下OpenSSL)1.0.1。
回答by Tauseef
Replace following
替换以下
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2');
With
和
curl_setopt ($ch, CURLOPT_SSLVERSION, 6);
Should work flawlessly.
应该完美无缺。
