0

Using below code to send request over TLS v1.0.

$url = "https://example.com";
$input_segment = "";

$data = array('InputSegments'=>$input_segment, 'cmdSubmit'=>'Submit');
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
curl_setopt($ch, CURLOPT_PORT, "443");
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
                                        'Content-Type: application/x-www-form-urlencoded'
                                        ));
$response = curl_exec($ch);
$info = curl_getinfo($ch);
$err_no = curl_errno($ch);
$err = curl_error($ch);
curl_close($ch);
var_dump($response);

ERROR

Error #:SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

It looks like still using SSL. How to send curl request over TLSv1.0 in PHP?

RNK
  • 5,582
  • 11
  • 65
  • 133
  • LMGTFY: https://github.com/curl/curl/issues/1689 – Unamata Sanatarai Oct 02 '17 at 19:07
  • try using the constant `CURL_SSLVERSION_TLSv1_0` instead of 4. Also set CURLOPT_USE_SSL to force the usage of the TLS (or SSL) requested and fail otherwise. – LordNeo Oct 02 '17 at 19:11
  • @UnamataSanatarai: Server issue means from third party side or something I need to fix it from my side? – RNK Oct 02 '17 at 19:11
  • @LordNeo: Updated the request with these 2 lines: `curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); curl_setopt($ch, CURLOPT_USE_SSL, "TLS");` still same result – RNK Oct 02 '17 at 19:13
  • may be your sever, may be the other side. As the ticket on github says - not really sure. – Unamata Sanatarai Oct 02 '17 at 19:14
  • try to run curl from command line using --tlsv1 – LordNeo Oct 02 '17 at 19:15
  • @LordNeo: I think there is a problem with PHP only. – RNK Oct 02 '17 at 19:24
  • @RonakPatel is there a big urgency to do request over TLS 1.0 ? Cuz server part may not use that version. – num8er Oct 02 '17 at 21:06
  • @RonakPatel btw have You tried to use Guzzle? Check this example: https://stackoverflow.com/questions/33134274/how-do-we-specify-tls-ssl-options-in-guzzle – num8er Oct 02 '17 at 21:08
  • @num8er: Its a requirement from our third party provider. What do you mean by server part may not use that version? – RNK Oct 02 '17 at 21:10
  • @RonakPatel for example when I setup certificate and ssl in nginx I always define latest tls version for security. – num8er Oct 02 '17 at 21:11
  • @num8er: We are using apache. Do you know how to check it and enable it for this feature? – RNK Oct 02 '17 at 21:14
  • apache `ssl.conf` setup is like this: `SSLProtocol all -SSLv3 -SSLv2` – RNK Oct 02 '17 at 21:21
  • @RonakPatel need to see php configs and etc... – num8er Oct 02 '17 at 21:21
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/155788/discussion-between-ronak-patel-and-num8er). – RNK Oct 02 '17 at 21:22

1 Answers1

0

to force TLS 1.0, i think it's sufficient to set CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_0

hanshenrik
  • 19,904
  • 4
  • 43
  • 89