php 验证 curl 是否使用 TLS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27904854/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Verify if curl is using TLS
提问by kayo
In my PHP app I use PHP's CURL and openssl, to connect and talk using SOAP. Until now, remote server supported SSL and TLS but because of "poodle" bug, admin decided to disable SSL and use TLS only. SSL is supported until the end of January.
在我的 PHP 应用程序中,我使用 PHP 的 CURL 和 openssl,使用 SOAP 进行连接和交谈。到目前为止,远程服务器支持 SSL 和 TLS 但由于“贵宾犬”错误,管理员决定禁用 SSL 并仅使用 TLS。SSL 支持到 1 月底。
I changed my code by adding:
我通过添加以下内容更改了我的代码:
curl_setopt($objCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
That in theory should force curl to use TLSv1.2.
理论上应该强制 curl 使用 TLSv1.2。
But that's theory - I need to verify that it actually uses TLS - is there any method for that? There is a method called curl_getinfo(), but info it returns is not useful for me:
但那是理论 - 我需要验证它是否确实使用了 TLS - 有什么方法吗?有一个名为 curl_getinfo() 的方法,但它返回的信息对我来说没有用:
[url] => https://www.example.com/soap/MessagingPort
[content_type] => text/xml;charset=utf-8
[http_code] => 200
[header_size] => 293
[request_size] => 882
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.164487
[namelookup_time] => 3.4E-5
[connect_time] => 3.4E-5
[pretransfer_time] => 0.000122
[size_upload] => 604
[size_download] => 178
[speed_download] => 1082
[speed_upload] => 3672
[download_content_length] => 178
[upload_content_length] => 604
[starttransfer_time] => 0.164477
[redirect_time] => 0
Big Thanks in advance
提前致谢
回答by Jeff Richards
Short Answer
简答
Make a request with curl to https://www.howsmyssl.com/
使用 curl 向https://www.howsmyssl.com/发出请求
<?php
$ch = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);
$json = json_decode($data);
echo $json->tls_version;
that should output what TLS version was used to connect.
这应该输出用于连接的 TLS 版本。
Digging Deeper
深层发掘
Curl relies on the underlying OpenSSL (or NSS) library to do the negotiation of the secure connection. So I believe the right question to ask here is what is the OpenSSL library capable of. If it can handle a TLS connection, then curl can handle a TLS connection.
Curl 依赖底层的 OpenSSL(或 NSS)库来进行安全连接的协商。所以我相信这里要问的正确问题是 OpenSSL 库的功能是什么。如果它可以处理 TLS 连接,那么 curl 可以处理 TLS 连接。
So how to figure out what the openssl (or NSS) library is capable of?
那么如何弄清楚openssl(或NSS)库的功能呢?
<?php
$curl_info = curl_version();
echo $curl_info['ssl_version'];
which is going to dump out something like
这将倾倒出类似的东西
OpenSSL/1.0.1k
Then you can go and have a look at the release notes for that version and see if it includes TLS support.
然后你可以去看看那个版本的发行说明,看看它是否包含 TLS 支持。
OpenSSL Release notes - https://www.openssl.org/news/changelog.html
OpenSSL 发行说明 - https://www.openssl.org/news/changelog.html
NSS Release notes - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases
NSS 发行说明 - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases
Spoiler Alert
剧透警报
- openssl includes support for TLS v1.1 and TLS v1.2 in OpenSSL 1.0.1 [14 Mar 2012]
- NSS included support for TLS v1.1 in 3.14
- NSS included support for TLS v1.2 in 3.15
- openssl 在 OpenSSL 1.0.1 中包含对 TLS v1.1 和 TLS v1.2 的支持 [2012 年 3 月 14 日]
- NSS 在 3.14 中包含对 TLS v1.1 的支持
- NSS 在 3.15 中包含对 TLS v1.2 的支持
回答by kbulgrien
Use https://tlstest.paypal.com:
For example:
例如:
$ curl https://tlstest.paypal.com/
ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2
$ ./src/curl https://tlstest.paypal.com/
PayPal_Connection_OK
