PHP cURL SSL密码套件订购 [英] PHP cURL SSL Cipher Suite Order
问题描述
Cloudflare将ECDHE_ECDSA和AES_128_GCM密码套件用于其https证书.使用PHP cURL时,可以指定密码套件:
Cloudflare uses the cipher suite of ECDHE_ECDSA and AES_128_GCM for their https certificates. When using PHP cURL, you can specify the cipher suite:
curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'ecdhe_ecdsa_aes_128_sha');
但是,如果cURL请求正在请求除ecdhe_ecdsa_aes_128_sha之外的其他内容,那对我没有帮助.
However, that doesn't help me if the cURL request is requesting something other than ecdhe_ecdsa_aes_128_sha.
设置了以下Apache配置,但是PHP cURL似乎不遵守这一要求:
The following Apache configuration is set, but PHP cURL does not seem to respect this:
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
是否可以为PHP cURL指定密码套件顺序?
Is there a way to specify a cipher suite order for PHP cURL?
环境信息:
[vagrant@devopsgroup ~]$ php -i | grep SSL
SSL => Yes
SSL Version => NSS/3.15.4
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version => OpenSSL 1.0.1e-fips 11 Feb 2013
Native OpenSSL support => enabled
推荐答案
您可以像上面建议的那样指定希望cURL与CURLOPT_SSL_CIPHER_LIST
一起使用的密码套件,但是如果cURL是针对OpenSSL编译的,则需要指定OpenSSL所使用格式的密码.
You can specify the cipher suites you want cURL to use with CURLOPT_SSL_CIPHER_LIST
like you suggest above, but if cURL is compiled against OpenSSL, then you need to specify the ciphers in the format used by OpenSSL.
Apache配置对cURL没有影响.
The Apache configuration has no effect on cURL.
由于cURL是使用OpenSSL构建的,请尝试使用 OpenSSL密码中的密码名称.
Since cURL is built with OpenSSL, try using the cipher names from OpenSSL ciphers.
例如:
curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA');
此答案也很有用: https://unix .stackexchange.com/questions/208437/how-to-convert-ssl-ciphers-curl格式
这篇关于PHP cURL SSL密码套件订购的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!