更新PHP cURL请求从SSLv3到TLS ..？ [英] Update PHP cURL request from SSLv3 to TLS..?

问题描述

由于SSLv3中发现最近的漏洞，许多网络服务提供商（例如PayPal，Facebook，Google）禁用它，并希望我们使用TLS。

Because of the recent vulnerability discovered in SSLv3, many web service providers (ie. PayPal, Facebook, Google) are disabling that and wanting us to use TLS instead. I'm having a little bit of trouble figuring out how to do this.

我目前正在使用以下函数来处理我的cURL请求。

I'm currently using the following function to handle my cURL requests.

function CURLRequest($Request = "", $APIName = "", $APIOperation = "", $PrintHeaders = false)
{
    $curl = curl_init();
            curl_setopt($curl, CURLOPT_VERBOSE, 1);
            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
            curl_setopt($curl, CURLOPT_TIMEOUT, 30);
            curl_setopt($curl, CURLOPT_URL, $this->EndPointURL);
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($curl, CURLOPT_POSTFIELDS, $Request);

    if($this->APIMode == 'Certificate')
    {
        curl_setopt($curl, CURLOPT_SSLCERT, $this->PathToCertKeyPEM);
    }

    $Response = curl_exec($curl);

    /*
     * If a cURL error occurs, output it for review.
     */
    if($this->Sandbox)
    {
        if(curl_error($curl))
        {
            echo curl_error($curl).'<br /><br />';  
        }
    }

    curl_close($curl);
    return $Response;   
}

当我尝试打击PayPal的沙箱时，他们已经禁用，我最终出现了一个cURL错误：错误：14077410：SSL例程：SSL23_GET_SERVER_HELLO：sslv3警报握手失败

When I try hitting PayPal's sandbox, though, where they've already disabled this, I end up with a cURL error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

发现是我只需要改变这使用TLS而不是SSL，而我看到的其他答案只是通过添加一个curl选项到我的函数...

The info that I've found is that I just need to change this to use TLS instead of SSL, and the other answers I've seen say to simply do that by adding a curl option to my function...

curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

我已经添加了该选项，但我仍然得到完全相同的结果。任何信息，我如何能得到这个工作将非常感谢。谢谢！

I've added that option, though, and I still get the exact same result. Any information on how I can get this working would be greatly appreciated. Thanks!

推荐答案

已复制自： SSL错误无法更改为TLS

尝试添加 curl_setopt CURLOPT_SSL_CIPHER_LIST，'TLSv1'）;

Try add curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1'); to your code.

如果你的cURL是OpenSSL libssl 如果基于 nss ，则不会。

This will work if you cURL is OpenSSL libssl based but not if nss based.

这篇关于更新PHP cURL请求从SSLv3到TLS ..？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！