php 错误:错误:14077410:SSL 例程:SSL23_GET_SERVER_HELLO:sslv3 警报握手失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/38794133/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Error:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
提问by Raza Saleem
$ch = curl_init();
$clientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
curl_setopt($ch, CURLOPT_URL, "https://api.sandbox.paypal.com/v1/oauth2/token");
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, $clientId.":".$secret);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close ($ch);
this code working on localhost but when i am testing on my live server it will give me this error Error:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failurethen i tried this
这段代码在本地主机上工作,但是当我在我的实时服务器上进行测试时,它会给我这个错误Error:error:14077410:SSLroutines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure然后我尝试了这个
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/");
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
var_dump(curl_exec($ch));
if ($err = curl_error($ch)) {
var_dump($err);
echo "DEBUG INFORMATION:\n###########";
echo "CURL VERSION";
echo json_encode(curl_version(), JSON_PRETTY_PRINT);
}?>
github.com/paypal/TLS-update/tree/master/php this will again work on localhost and on live it gives me this
github.com/paypal/TLS-update/tree/master/php 这将再次在本地主机上工作,并且在现场它给了我这个
error bool(false)
string(67) "Unknown SSL protocol error in connection to tlstest.paypal.com:443 "
DEBUG INFORMATION:
###########CURL VERSION
my server have these certificates
我的服务器有这些证书
Server Key and Certificate #1
服务器密钥和证书 #1
Subject *.secure.xxxxxxxx.com
Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Pin SHA256: S4/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Common names *.secure.xxxxxxxx.com MISMATCH
Alternative names *.secure.xxxxxxx.com
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Symantec Class 3 Secure Server CA - G4
AIA: xxxxxxx/ss.crt
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information CRL, OCSP
CRL: xxxxxx/ss.crl
OCSP: xxxxxxxxx
Revocation status Good (not revoked)
Trusted No NOT TRUSTED (Why?)
#2
#2
Subject Symantec Class 3 Secure Server CA - G4
Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Pin SHA256: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Key RSA 2048 bits (e 65537)
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Signature algorithm SHA256withRSA
#3
#3
Subject VeriSign Class 3 Public Primary Certification Authority - G5
Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Pin SHA256: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Key RSA 2048 bits (e 65537)
Issuer VeriSign, Inc. / Class 3 Public Primary Certification Authority
Signature algorithm SHA1withRSA WEAK
**Protocols**
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No
checked requirements at
检查要求在
回答by Steffen Ullrich
TL;TR: your software is too old to support these servers.
TL;TR:您的软件太旧,无法支持这些服务器。
Both servers support TLS 1.2 only as can be seen when checking with SSLLabs. Your OpenSSL version is 1.0.0s which does not support TLS 1.2 yet. Support is only available since 1.0.1.
两台服务器都只支持 TLS 1.2,这在检查SSLLabs时可以看到。您的 OpenSSL 版本是 1.0.0s,尚不支持 TLS 1.2。仅从 1.0.1 开始提供支持。
my server have these certificates ...
我的服务器有这些证书...
The setup of your web server (i.e. certificates, TLS versions...) are not relevant because in this case you are the client connecting to some other server.
您的 Web 服务器的设置(即证书、TLS 版本...)不相关,因为在这种情况下,您是连接到其他服务器的客户端。
回答by Drew Angell
Your server may support TLS 1.2, but you need to make sure the HTTP requests are actually using it. Based on your result you're getting, you apparently are not using TLS 1.2 with the requests.
您的服务器可能支持 TLS 1.2,但您需要确保 HTTP 请求确实在使用它。根据您得到的结果,您显然没有在请求中使用 TLS 1.2。
Try adding this to your cURL options:
尝试将其添加到您的 cURL 选项中:
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
That will force TLS 1.2.
这将强制使用 TLS 1.2。
Alternatively, get your server software stack updated and this will happen automatically. See this postfor more details, most importantly this part:
或者,更新您的服务器软件堆栈,这将自动发生。有关更多详细信息,请参阅此帖子,最重要的是这部分:
If you want to use TLS 1.2 you'll need to upgrade to OpenSSL 1.0.1 as a minimum, and then you'll be able to set CURLOPT_SSLVERSION to 6 (TLS 1.2).
If you want TLS 1.2 to be used automatically during SSL requests, you'll also need to upgrade to PHP 5.5.19+ (this is the ideal solution but many projects are still on older PHP versions).
如果您想使用 TLS 1.2,您至少需要升级到 OpenSSL 1.0.1,然后您就可以将 CURLOPT_SSLVERSION 设置为 6 (TLS 1.2)。
如果您希望在 SSL 请求期间自动使用 TLS 1.2,您还需要升级到 PHP 5.5.19+(这是理想的解决方案,但许多项目仍在使用较旧的 PHP 版本)。
回答by Martin
Had the same issue with stamps.com API and in our case at the time of this post the solution was to set the CURLOPT_SSLVERSIONto 5.
与stamps.com API 有同样的问题,在我们发布这篇文章时的例子中,解决方案是CURLOPT_SSLVERSION将5.
curl_setopt($ch, CURLOPT_SSLVERSION, 5);
