问题描述

由于最近在 SSLv3 中发现的漏洞，许多网络服务提供商(例如 PayPal、Facebook、Google)禁用它并希望我们改用 TLS.我在弄清楚如何执行此操作时遇到了一些麻烦.

我目前正在使用以下函数来处理我的 cURL 请求.

function CURLRequest($Request = "", $APIName = "", $APIOperation = "", $PrintHeaders = false){$curl = curl_init();curl_setopt($curl, CURLOPT_VERBOSE, 1);curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);curl_setopt($curl, CURLOPT_TIMEOUT, 30);curl_setopt($curl, CURLOPT_URL, $this->EndPointURL);curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);curl_setopt($curl, CURLOPT_POSTFIELDS, $Request);if($this->APIMode == '证书'){curl_setopt($curl, CURLOPT_SSLCERT, $this->PathToCertKeyPEM);}$Response = curl_exec($curl);/** 如果发生 cURL 错误，则将其输出以供审核.*/if($this->Sandbox){如果(卷曲错误($卷曲)){echo curl_error($curl).'<br/><br/>';}}curl_close($curl);返回 $Response;}

但是，当我尝试访问 PayPal 的沙箱时，他们已经禁用了此功能，我最终遇到了 cURL 错误:error:14077410:SSLroutines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure>

我发现的信息是，我只需要将其更改为使用 TLS 而不是 SSL，而我看到的其他答案说只需在我的函数中添加 curl 选项即可...

curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

不过，我已经添加了该选项，但仍然得到完全相同的结果.任何有关我如何使这项工作发挥作用的信息都将不胜感激.谢谢！

复制自:SSL 错误无法更改为 TLS

尝试将 curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1'); 添加到您的代码中.

如果您的 cURL 基于 OpenSSL libssl，这将起作用，但如果基于 nss，则不起作用.

Because of the recent vulnerability discovered in SSLv3, many web service providers (ie. PayPal, Facebook, Google) are disabling that and wanting us to use TLS instead. I'm having a little bit of trouble figuring out how to do this.

I'm currently using the following function to handle my cURL requests.

function CURLRequest($Request = "", $APIName = "", $APIOperation = "", $PrintHeaders = false)
{
    $curl = curl_init();
            curl_setopt($curl, CURLOPT_VERBOSE, 1);
            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
            curl_setopt($curl, CURLOPT_TIMEOUT, 30);
            curl_setopt($curl, CURLOPT_URL, $this->EndPointURL);
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($curl, CURLOPT_POSTFIELDS, $Request);

    if($this->APIMode == 'Certificate')
    {
        curl_setopt($curl, CURLOPT_SSLCERT, $this->PathToCertKeyPEM);
    }

    $Response = curl_exec($curl);

    /*
     * If a cURL error occurs, output it for review.
     */
    if($this->Sandbox)
    {
        if(curl_error($curl))
        {
            echo curl_error($curl).'<br /><br />';  
        }
    }

    curl_close($curl);
    return $Response;   
}

When I try hitting PayPal's sandbox, though, where they've already disabled this, I end up with a cURL error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

The info that I've found is that I just need to change this to use TLS instead of SSL, and the other answers I've seen say to simply do that by adding a curl option to my function...

curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

I've added that option, though, and I still get the exact same result. Any information on how I can get this working would be greatly appreciated. Thanks!

Copied from: SSL error can not change to TLS

Try add curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'TLSv1'); to your code.

This will work if you cURL is OpenSSL libssl based but not if nss based.

这篇关于将 PHP cURL 请求从 SSLv3 更新为 TLS ..?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！