|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2019-08-01 18:09 UTC] mah at jump-ing dot de
[2019-08-01 18:11 UTC] requinix@php.net
-Status: Open
+Status: Not a bug
[2019-08-01 18:11 UTC] requinix@php.net
[2019-08-01 18:30 UTC] mah at jump-ing dot de
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 29 15:00:02 2025 UTC |
Description: ------------ Trying to connect with an intentionally lower TLS version, set by CURLOPT_SSLVERSION, connects with the highest supported TLS version instead. This makes the CURLOPT_SSLVERSION setting pretty moot. Test script: --------------- <?php echo 'PHP version: ' . phpversion() . PHP_EOL; echo 'cURL version: ' . curl_version()['version'] . PHP_EOL; $ch = curl_init('https://www.howsmyssl.com/a/check'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); //curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); $data = curl_exec($ch); curl_close($ch); $json = json_decode($data); echo ($data ? $json->tls_version : 'curl request failed') . PHP_EOL; Expected result: ---------------- This output: PHP version: 7.3.7-2+ubuntu19.04.1+deb.sury.org+1 cURL version: 7.64.0 TLS 1.1 Actual result: -------------- This output (last line), no matter what's choosen for CURLOPT_SSLVERSION: PHP ... cURL ... TLS 1.3