验证curl是否使用TLS [英] Verify if curl is using TLS

问题描述

在我的PHP应用程序中，我使用PHP的CURL和openssl，以使用SOAP进行连接和交谈. 到目前为止，远程服务器支持SSL和TLS，但是由于长卷毛狗"错误，管理员决定禁用SSL并仅使用TLS. 支持SSL，直到一月底.

In my PHP app I use PHP's CURL and openssl, to connect and talk using SOAP. Until now, remote server supported SSL and TLS but because of "poodle" bug, admin decided to disable SSL and use TLS only. SSL is supported until the end of January.

我通过添加以下代码来更改了代码

I changed my code by adding:

curl_setopt($objCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);

理论上，这应该强制curl使用TLSv1.2.

That in theory should force curl to use TLSv1.2.

但这是理论-我需要验证它是否确实使用TLS-是否有任何方法可以做到这一点? 有一个叫做curl_getinfo()的方法，但是它返回的信息对我没有用:

But that's theory - I need to verify that it actually uses TLS - is there any method for that? There is a method called curl_getinfo(), but info it returns is not useful for me:

[url] => https://www.example.com/soap/MessagingPort
[content_type] => text/xml;charset=utf-8
[http_code] => 200
[header_size] => 293
[request_size] => 882
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.164487
[namelookup_time] => 3.4E-5
[connect_time] => 3.4E-5
[pretransfer_time] => 0.000122
[size_upload] => 604
[size_download] => 178
[speed_download] => 1082
[speed_upload] => 3672
[download_content_length] => 178
[upload_content_length] => 604
[starttransfer_time] => 0.164477
[redirect_time] => 0

在此先感谢

推荐答案

简短回答

使用curl请求发送 https://www.howsmyssl.com/

Make a request with curl to https://www.howsmyssl.com/

<?php 
$ch = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);

$json = json_decode($data);
echo $json->tls_version;

，应输出用于连接的TLS版本.

that should output what TLS version was used to connect.

深入挖掘

Curl依赖底层的OpenSSL(或NSS)库来进行安全连接的协商.因此，我相信这里要问的正确问题是OpenSSL库的功能.如果它可以处理TLS连接，则curl可以处理TLS连接.

Curl relies on the underlying OpenSSL (or NSS) library to do the negotiation of the secure connection. So I believe the right question to ask here is what is the OpenSSL library capable of. If it can handle a TLS connection, then curl can handle a TLS connection.

那么如何找出openssl(或NSS)库的功能呢?

So how to figure out what the openssl (or NSS) library is capable of?

<?php    
$curl_info = curl_version();
echo $curl_info['ssl_version'];

这将丢弃

OpenSSL/1.0.1k

然后，您可以查看该版本的发行说明，并查看其是否包含TLS支持.

Then you can go and have a look at the release notes for that version and see if it includes TLS support.

OpenSSL发行说明- https://www.openssl.org/news/changelog.html

OpenSSL Release notes - https://www.openssl.org/news/changelog.html

NSS发行说明- https://developer.mozilla. org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases

剧透警报

• openssl在OpenSSL 1.0.1中包括对TLS v1.1和TLS v1.2的支持 [2012年3月14日]
• NSS在3.14中包括了对TLS v1.1的支持
• 包括NSS 在3.15中支持TLS v1.2

• openssl includes support for TLS v1.1 and TLS v1.2 in OpenSSL 1.0.1 [14 Mar 2012]
• NSS included support for TLS v1.1 in 3.14
• NSS included support for TLS v1.2 in 3.15

这篇关于验证curl是否使用TLS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！