4

I am using MAMP on OS X Yosemite to develop a website on my local machine. The website is a client application for an API that runs on HTTPS. I keep getting this error when I try to call the API from PHP:

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

The same code works on the server, but the site is already in production so I need to be able to create a separate development environment. I get exactly the same error whether I call the API with cURL or file_get_contents. I can use cURL on the command line or load the URL in my browser and it works fine. I've spent hours reading through and trying all the other solutions I could find on this site and elsewhere, and none of them have worked. Has anyone else seen this problem?

Update: I finally found a solution in my last ditch effort just before posting this question, but it was such a painful process that I'm posting it anyway in hopes it can help someone else avoid this hair-tearing catastrophe. My solution is below.

linesarefuzzy
  • 1,890
  • 17
  • 17

4 Answers4

23

The solution:

  1. brew install openssl
  2. Download and unpack the latest cURL

  3. In the cURL source directory: 

    LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="-I/usr/local/opt/openssl/include" ./configure --prefix=/Applications/MAMP/Library/
  4. make
  5. make install
  6. Restart MAMP

  7. In PHP, between curl_init and curl_exec:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

The explanation:

The path to finding the solution started with this site, which describes a different SSL error on MAMP, and suggests recompiling a fresh version of cURL with
--prefix=/Applications/MAMP/Library/ to overwrite the one MAMP uses. I tried this but it didn't work. Later, something possessed me to study the cURL compile options, and I noticed instructions for specifying a different version of OpenSSL when compiling it. I decided to give it a try (promising myself that this was the last attempt and then I would give up). I installed an up to date OpenSSL package with Homebrew, and its helpful post-install info said:

If you build your own software and it requires this formula, you'll need to add to your 
build variables:

LDFLAGS:  -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include

That looked similar to something I saw in the cURL compile options, which specified the correct syntax for the above:

LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="-I/usr/local/opt/openssl/include" ./configure

I added back in the --prefix=/Applications/MAMP/Library/, followed by the usual make and make install, restarted MAMP, and sighed with relief.

I later discovered that one of the cURL options I had thrown in from another website was also necessary to avoid a different SSL error ("SSL certificate problem: unable to get local issuer certificate"). Setting CURLOPT_SSL_VERIFYPEER to false solved that one for me.

linesarefuzzy
  • 1,890
  • 17
  • 17
  • 1
    Thanks this solved my problem. I was struggeling with the 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure' error for a couple of days on my local development environment and updated my SSL version but didn't linked it to Mamp. This post connected the dots for me! – Dimitri Zetzsche Jan 31 '16 at 13:01
  • Thank you, this saved me several hours of frustration and banging my head on my desk. I can't pay you, but I'll do the next best thing -- give you some points. – Matt Cole Feb 11 '16 at 22:30
  • Thank you so much, I lost 3 days trying to get a solution until I tried it with your instruction – fenixkim Feb 24 '16 at 17:18
  • Thank you! Worked like a charm. – vovafeldman Sep 12 '16 at 20:14
1

Here is a solution that works for me on MAMP Pro 3.5 running on OSX 10.11.1

In your PHP you may need to set the SSL version and the matching Cipher for curl_init():

curl_setopt($ch, CURLOPT_SSLVERSION, 1);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

For the exact parameters you can pass to CURLOPT_SSLVERSION see: http://php.net/manual/en/function.curl-setopt.php

Also the following can display errors related to SSL versions being used to help find exact version conflict you have:

$error = curl_error($ch);
echo $error;

More on this command: http://php.net/manual/en/ref.curl.php

Brandon Stephens
  • 93
  • 4
  • It's worth noting that unfortunately this only works if your system has certain recent versions of PHP and/or OpenSSL. – Simon East May 23 '16 at 06:07
0

Ive had the same problem. I solved it by instead using Apples preferred SecureTransport SSL program. The following worked for me:

  1. Download the latest curl (zip) version from here
  2. Go to your downloads folder and extract the zip file by double clicking on it. There will now be a folder with in your downloads folders with the extracted files.
  3. Open terminal and navigate to the folder `cd ~/Downloads/curl-folder-name'
  4. Then in terminal type ./configure --prefix=/Applications/MAMP/Library/ --with-darwinssl
  5. make && make install

Restart MAMP and see if the changes worked. One way to check is to call the following on your MAMP php program in terminal:

/Applications/MAMP/bin/php/php5.5.14/bin/php -r 'echo json_encode(curl_version(), JSON_PRETTY_PRINT);'

You should see "ssl_version": "SecureTransport"

GWed
  • 15,167
  • 5
  • 62
  • 99
  • I tried this (in an app using the Recurly API), but got a 500 response with nothing in the php error log. Adding VERIFYPEER=false didn't fix it. I needed both to include the VERIFYPEER setopt, and to include the two flags part of the configure command that is listed in the previous solution. – efreed Jul 10 '18 at 15:18
0

I solved this by updating the curl. (place check the curl version and openssl version, they may not match)

curl 7.12.1 need OpenSSL/0.9.7a but my OpenSSL is 1.0.2m.

details: ~ $ curl -V curl 7.12.1 (x86_64-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6 Protocols: ftp gopher telnet dict ldap http file https ftps Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz ~ $ openssl version OpenSSL 1.0.2m 2 Nov 2017

刘远圳
  • 594
  • 6
  • 5