将 PHP cURL 请求从 SSLv3 更新为 TLS ..?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26763737/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Update PHP cURL request from SSLv3 to TLS..?
提问by Drew Angell
Because of the recent vulnerability discovered in SSLv3, many web service providers (ie. PayPal, Facebook, Google) are disabling that and wanting us to use TLS instead. I'm having a little bit of trouble figuring out how to do this.
由于最近在 SSLv3 中发现的漏洞,许多 Web 服务提供商(即 PayPal、Facebook、Google)正在禁用它并希望我们改用 TLS。我在弄清楚如何执行此操作时遇到了一些麻烦。
I'm currently using the following function to handle my cURL requests.
我目前正在使用以下函数来处理我的 cURL 请求。
function CURLRequest($Request = "", $APIName = "", $APIOperation = "", $PrintHeaders = false)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $this->EndPointURL);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $Request);
if($this->APIMode == 'Certificate')
{
curl_setopt($curl, CURLOPT_SSLCERT, $this->PathToCertKeyPEM);
}
$Response = curl_exec($curl);
/*
* If a cURL error occurs, output it for review.
*/
if($this->Sandbox)
{
if(curl_error($curl))
{
echo curl_error($curl).'<br /><br />';
}
}
curl_close($curl);
return $Response;
}
When I try hitting PayPal's sandbox, though, where they've already disabled this, I end up with a cURL error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
但是,当我尝试访问 PayPal 的沙箱时,他们已经禁用了此功能,但最终会出现 cURL 错误: 错误:14077410:SSL 例程:SSL23_GET_SERVER_HELLO:sslv3 警报握手失败
The info that I've found is that I just need to change this to use TLS instead of SSL, and the other answers I've seen say to simply do that by adding a curl option to my function...
我发现的信息是,我只需要将其更改为使用 TLS 而不是 SSL,而我看到的其他答案说只需通过向我的函数添加 curl 选项来做到这一点......
curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
I've added that option, though, and I still get the exact same result. Any information on how I can get this working would be greatly appreciated. Thanks!
不过,我已经添加了该选项,但仍然得到完全相同的结果。任何有关我如何使这项工作发挥作用的信息都将不胜感激。谢谢!
采纳答案by philippe lhardy
Copied from: SSL error can not change to TLS
复制自:SSL 错误无法更改为 TLS
Try add curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');to your code.
尝试添加curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');到您的代码中。
This will work if you cURL is OpenSSL libsslbased but not if nssbased.
如果您的 cURL基于OpenSSL libssl而不是基于nss,这将起作用。
回答by Sebastian Sibelle
A better solution until Paypal updates its core SDK would be to override the CURLOPT_SSL_CIPHER_LIST directly in your application. This way you don't have to interfere with the sdk-core-php package directly and you will be free to upgrade it in future.
在 Paypal 更新其核心 SDK 之前,更好的解决方案是直接在您的应用程序中覆盖 CURLOPT_SSL_CIPHER_LIST。这样您就不必直接干扰 sdk-core-php 包,将来您可以随意升级它。
You could add something like the following to your app's bootstrap or payment processing logic:
您可以在应用程序的引导程序或支付处理逻辑中添加类似以下内容:
PPHttpConfig::$DEFAULT_CURL_OPTS[CURLOPT_SSL_CIPHER_LIST] = 'TLSv1';
Just make sure you comment it thoroughly and remember to take it out later when the issue has been patched in the core.
只要确保对它进行彻底的评论,并记住在问题在核心中修补后将其删除。
回答by Luca Murante
I just resolved updating nsslibrary via terminal.
我刚刚解决了nss通过终端更新库的问题。
回答by burgur
If the above does not help, check OPENSSL version. Its likely because of OPENSSL version <= 0.9.8. Updating to PHP7 helps, which comes with higher version of OPENSSL.
如果以上方法没有帮助,请检查 OPENSSL 版本。可能是因为 OPENSSL 版本 <= 0.9.8。更新到 PHP7 有帮助,它带有更高版本的 OPENSSL。
