将SSL cURL请求从SSLv3更新为TLS ..?
[英]Update PHP cURL request from SSLv3 to TLS..?
问题描述
Because of the recent vulnerability discovered in SSLv3 , many web service providers (ie. PayPal, Facebook, Google) are disabling that and wanting us to use TLS instead. 
由于最近在SSLv3中发现了漏洞 ,许多Web服务提供商(即PayPal,Facebook,Google)正在禁用该漏洞并希望我们使用TLS。 I'm having a little bit of trouble figuring out how to do this. 我在弄清楚如何做到这一点时遇到了一些麻烦。
I'm currently using the following function to handle my cURL requests. 我目前正在使用以下函数来处理我的cURL请求。
function CURLRequest($Request = "", $APIName = "", $APIOperation = "", $PrintHeaders = false)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $this->EndPointURL);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $Request);
if($this->APIMode == 'Certificate')
{
curl_setopt($curl, CURLOPT_SSLCERT, $this->PathToCertKeyPEM);
}
$Response = curl_exec($curl);
/*
* If a cURL error occurs, output it for review.
*/
if($this->Sandbox)
{
if(curl_error($curl))
{
echo curl_error($curl).'<br /><br />';
}
}
curl_close($curl);
return $Response;
}
When I try hitting PayPal's sandbox, though, where they've already disabled this, I end up with a cURL error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure 当我尝试点击PayPal的沙箱时,他们已经禁用了这个,我最终得到了一个cURL错误: 错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败
The info that I've found is that I just need to change this to use TLS instead of SSL, and the other answers I've seen say to simply do that by adding a curl option to my function... 我发现的信息是我只需要改变它来使用TLS而不是SSL,而我见过的其他答案只是通过在我的函数中添加一个curl选项来做到这一点......
curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
I've added that option, though, and I still get the exact same result. 我已经添加了这个选项,但我仍然得到完全相同的结果。 Any information on how I can get this working would be greatly appreciated. 任何有关如何使这项工作的信息将不胜感激。 Thanks! 谢谢!
4 个解决方案
解决方案1
4 已采纳 2014-11-05 18:53:15
Copied from: SSL error can not change to TLS 复制自: SSL错误无法更改为TLS
Try add curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1'); 尝试添加curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1'); to your code. 你的代码。
This will work if you cURL is OpenSSL libssl based but not if nss based. 如果你的cURL是基于OpenSSL的libssl而不是基于nss,那么这将有效。
解决方案2
4 2014-11-06 23:38:00
A better solution until Paypal updates its core SDK would be to override the CURLOPT_SSL_CIPHER_LIST directly in your application. 在Paypal更新其核心SDK之前,更好的解决方案是直接在应用程序中覆盖CURLOPT_SSL_CIPHER_LIST。 This way you don't have to interfere with the sdk-core-php package directly and you will be free to upgrade it in future. 这样您就不必直接干扰sdk-core-php软件包,将来可以自由升级。
You could add something like the following to your app's bootstrap or payment processing logic: 您可以在应用程序的引导程序或支付处理逻辑中添加以下内容:
PPHttpConfig::$DEFAULT_CURL_OPTS[CURLOPT_SSL_CIPHER_LIST] = 'TLSv1';
Just make sure you comment it thoroughly and remember to take it out later when the issue has been patched in the core. 只需确保您对其进行彻底评论,并记得稍后在核心问题修补后将其删除。
解决方案3
0 2016-11-14 18:31:45
我刚解决了通过终端更新nss库的问题。
解决方案4
0 2017-05-17 15:52:03
If the above does not help, check OPENSSL version. 如果上述方法无效,请检查OPENSSL版本。 Its likely because of OPENSSL version <= 0.9.8. 可能是因为OPENSSL版本<= 0.9.8。 Updating to PHP7 helps, which comes with higher version of OPENSSL. 更新到PHP7有帮助,它带有更高版本的OPENSSL。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.