更新PHP cURL请求从SSLv3到TLS ..? [英] Update PHP cURL request from SSLv3 to TLS..?
问题描述
由于SSLv3中发现最近的漏洞,许多网络服务提供商(例如PayPal,Facebook,Google)禁用它,并希望我们使用TLS。
Because of the recent vulnerability discovered in SSLv3, many web service providers (ie. PayPal, Facebook, Google) are disabling that and wanting us to use TLS instead. I'm having a little bit of trouble figuring out how to do this.
我目前正在使用以下函数来处理我的cURL请求。
I'm currently using the following function to handle my cURL requests.
function CURLRequest($Request = "", $APIName = "", $APIOperation = "", $PrintHeaders = false)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $this->EndPointURL);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $Request);
if($this->APIMode == 'Certificate')
{
curl_setopt($curl, CURLOPT_SSLCERT, $this->PathToCertKeyPEM);
}
$Response = curl_exec($curl);
/*
* If a cURL error occurs, output it for review.
*/
if($this->Sandbox)
{
if(curl_error($curl))
{
echo curl_error($curl).'<br /><br />';
}
}
curl_close($curl);
return $Response;
}
当我尝试打击PayPal的沙箱时,他们已经禁用,我最终出现了一个cURL错误:错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败
When I try hitting PayPal's sandbox, though, where they've already disabled this, I end up with a cURL error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
发现是我只需要改变这使用TLS而不是SSL,而我看到的其他答案只是通过添加一个curl选项到我的函数...
The info that I've found is that I just need to change this to use TLS instead of SSL, and the other answers I've seen say to simply do that by adding a curl option to my function...
curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
我已经添加了该选项,但我仍然得到完全相同的结果。任何信息,我如何能得到这个工作将非常感谢。谢谢!
I've added that option, though, and I still get the exact same result. Any information on how I can get this working would be greatly appreciated. Thanks!
推荐答案
已复制自: SSL错误无法更改为TLS
尝试添加 curl_setopt CURLOPT_SSL_CIPHER_LIST,'TLSv1');
Try add curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
to your code.
如果你的cURL是OpenSSL libssl 如果基于 nss ,则不会。
This will work if you cURL is OpenSSL libssl based but not if nss based.
这篇关于更新PHP cURL请求从SSLv3到TLS ..?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!