php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66958 CURL-SSL Regression, not detecting Cypher or Http Version
Submitted: 2014-03-26 10:45 UTC Modified: 2014-04-10 20:22 UTC
From: pablius5k at gmail dot com Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.5.10 OS: Windows
Private report: No CVE-ID: None
 [2014-03-26 10:45 UTC] pablius5k at gmail dot com
Description:
------------
Using PHP 5.5.10TS/Windows+Apache

After upgrading from 5.3.x, CURL is unable to connect to some SSL sites.

It returns: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Adding the following parameters solves the issue:
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'RC4-SHA');

This was not needed on previous versions, and curl should detect it on it's own as they are standard.

Test script:
---------------
$url = 'www.miki.co.uk';
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
//curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'RC4-SHA');
//curl_setopt($ch, CURLOPT_URL, $url );
$output = curl_exec($ch);

Expected result:
----------------
Expected result: successful connection.

Uncommenting the mentioned lines solves the problem.

Actual result:
--------------
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-04-10 20:22 UTC] ab@php.net
-Status: Open +Status: Not a bug
 [2014-04-10 20:22 UTC] ab@php.net
5.3.28 uses libcurl 7.30.0, versions prior to 5.4.27 use libcurl 7.30.0 or (some later) with 7.35.0. 5.4.27 has libcurl 5.36.0, as well as the latest 5.5. Any version I named show the same error you've posted. That means to me - either it is really some hard libcurl issue (which i really doubt taking in account the version range), or it is the website which has changed it's cyphers list to face the NSA threats :)

Thanks
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Oct 23 21:01:33 2019 UTC