SSL页面上的PHP Curl错误 [英] PHP Curl Error on SSL Page

问题描述

我使用了一段时间的PHP脚本来检索特定SSL网页的内容突然开始失败，并引发以下错误（该页面始终是SSL页面）：

A PHP script I have been using for a while to retrieve the contents of a particular SSL webpage has suddenly started failing, and throwing the following error (the page has always been an SSL page):

cUrl error (#35): error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 
alert protocol version
Verbose information:
* Adding handle: conn: 0x1da38f0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1da38f0) send_pipe: 1, recv_pipe: 0
* About to connect() to www.oddschecker.com port 443 (#0)
*   Trying 35.201.89.239...
* Connected to www.oddschecker.com (35.201.89.239) port 443 (#0)
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection 0

有问题的网页：

https://www.oddschecker.com/golf/open-championship/2018-open-championship/winner

代码：

function get_data($url) 
{
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}

我尝试过Google提出的几种不同的建议解决方案，它们设置了不同的curl_setopt参数，但到目前为止没有运气。任何建议将不胜感激。

I have tried a few different proposed solutions from google, in terms of setting different curl_setopt parameters but no luck so far. Any suggestions would be greatly appreciated.

本地Windows PHP安装

PHP版本：5.3.28

卷曲版本：7.30 .0

SSL版本：OpenSSL / 0.9.8y

Local Windows PHP Installation
PHP Version: 5.3.28
Curl Version: 7.30.0
SSL Version: OpenSSL/0.9.8y

推荐答案

看起来该更新了。您尝试连接的站点已放弃对较旧的，不安全的协议（如SSL2，SSL3和TLS1）的支持，从而确保了其通信的安全。您可以在这里亲自查看： https：// www。 ssllabs.com/ssltest/analyze.html?d=www.oddschecker.com

Looks like it's time for an update. The site you are trying to connect to has secured their communications by dropping support for the older, insecure protocols like SSL2, SSL3 and TLS1. You can see that for yourself here: https://www.ssllabs.com/ssltest/analyze.html?d=www.oddschecker.com

您使用的OpenSSL版本是Internet标准和由于包含许多漏洞，因此被认为是非常不安全的。 TLS 1.1和1.2协议已添加到OpenSSL v1.0.1。中。

You are using a version of OpenSSL that is ancient by Internet standards and is considered to be very insecure as it contains a multitude of vulnerabilities. The TLS 1.1 and 1.2 protocols were added to OpenSSL v1.0.1.

在1.0.0h和1.0.1之间进行更改[2012年3月14日] ... *）为客户端身份验证添加TLS v1.2
客户端支持。将高速缓存
的握手记录保留更长的时间，因为直到收到证书请求消息后，我们才知道哈希算法将使用
。
[Steve Henson]

Changes between 1.0.0h and 1.0.1 [14 Mar 2012] ... *) Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don't know the hash algorithm to use until after the certificate request message is received. [Steve Henson]

*）初始TLS v1.2客户端支持。添加默认签名
算法
扩展名，包括我们支持的所有算法。在客户端密钥交换中解析新的签名
格式。放宽对
TLS v1.2的ECC签名限制，如RFC5246中所示。
[Steve Henson] ...

*) Initial TLS v1.2 client support. Add a default signature algorithms extension including all the algorithms we support. Parse new signature format in client key exchange. Relax some ECC signing restrictions for TLS v1.2 as indicated in RFC5246. [Steve Henson] ...

https://www.openssl.org/news/cl102.txt

不会也会更新堆栈的其余部分。

It won't hurt to update the rest of your stack as well.

这篇关于SSL页面上的PHP Curl错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！