Bug #66958 CURL-SSL Regression, not detecting Cypher or Http Version
Submitted: 2014-03-26 10:45 UTC Modified: 2014-04-10 20:22 UTC
From: pablius5k at gmail dot com Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.5.10 OS: Windows
Private report: No CVE-ID: None
 [2014-03-26 10:45 UTC] pablius5k at gmail dot com
Description:
------------
Using PHP 5.5.10TS/Windows+Apache

After upgrading from 5.3.x, CURL is unable to connect to some SSL sites.

It returns: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Adding the following parameters solves the issue:
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'RC4-SHA');

This was not needed on previous versions, and curl should detect it on its own as they are standard.

Test script:
---------------
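<?php
// Scheme added so the request actually goes over SSL.
$url = 'https://www.miki.co.uk';
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Certificate checks are disabled in this reproduction.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_SSLVERSION, 3); // 3 = CURL_SSLVERSION_SSLv3
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
//curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'RC4-SHA');
// The URL must be set, otherwise curl_exec() has nothing to request.
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
if ($output === false) {
    echo curl_error($ch); // prints the handshake error on failure
}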

Expected result:
----------------
Expected result: successful connection.

Uncommenting the mentioned lines solves the problem.

Actual result:
--------------
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

 [2014-04-10 20:22 UTC] ab@php.net
-Status: Open +Status: Not a bug
 [2014-04-10 20:22 UTC] ab@php.net
5.3.28 uses libcurl 7.30.0, versions prior to 5.4.27 use libcurl 7.30.0 or (some later) with 7.35.0. 5.4.27 has libcurl 5.36.0, as well as the latest 5.5. Any version I named shows the same error you've posted. That means to me - either it is really some hard libcurl issue (which I really doubt, taking into account the version range), or it is the website which has changed its cyphers list to face the NSA threats :)

Thanks
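
To check whether a handshake failure like this comes from the client build or from the server's accepted protocols and ciphers, the same host can be probed with each protocol setting in turn while certificate verification stays enabled. This is an added example, not code from the report or from the PHP project; the `probe()` helper and the default host `www.example.com` are assumptions, and it is meant to be run against a server you operate.

```php
<?php
// Added diagnostic sketch, not part of the bug report.
// Host is a placeholder (assumption); pass your own as the first argument.
$host = isset($argv[1]) ? $argv[1] : 'www.example.com';

// probe() is a hypothetical helper: one handshake attempt per call.
function probe($host, $sslVersion, $ciphers = null)
{
    $ch = curl_init("https://$host/");
    curl_setopt($ch, CURLOPT_NOBODY, true);          // handshake + HEAD only
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    // Unlike the reproduction script, certificate checks stay on.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

    $ok = curl_setopt($ch, CURLOPT_SSLVERSION, $sslVersion);
    if ($ok && $ciphers !== null) {
        $ok = curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
    }
    if (!$ok) {
        return 'option rejected by this libcurl build';
    }
    if (curl_exec($ch) !== false) {
        return 'handshake ok';
    }
    return sprintf('failed (%d): %s', curl_errno($ch), curl_error($ch));
}

// Constant names are looked up at run time because older PHP builds
// lack the TLSv1_x constants. Recent libcurl treats TLSv1_x as a
// minimum version rather than an exact pin.
$versions = array(
    'default (negotiate)' => 'CURL_SSLVERSION_DEFAULT',
    'SSLv3'               => 'CURL_SSLVERSION_SSLv3',
    'TLSv1.0'             => 'CURL_SSLVERSION_TLSv1_0',
    'TLSv1.1'             => 'CURL_SSLVERSION_TLSv1_1',
    'TLSv1.2'             => 'CURL_SSLVERSION_TLSv1_2',
);
foreach ($versions as $label => $const) {
    $result = defined($const)
        ? probe($host, constant($const))
        : 'constant not defined in this PHP build';
    printf("%-22s %s\n", $label, $result);
}
// The cipher pin from the report, with the protocol left to negotiate.
printf("%-22s %s\n", 'default + RC4-SHA',
    probe($host, CURL_SSLVERSION_DEFAULT, 'RC4-SHA'));
```

If the default row succeeds and only the SSLv3 row fails, the server (or the local TLS library) no longer accepts the pinned protocol, and the fix is to drop the `CURLOPT_SSLVERSION` pin rather than to add a cipher pin.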
 