inf3ction inf3ction - 6 months ago 147
PHP Question

Php curl set ssl version

Since 3 days I can't connect to the paypal sandbox. I found out that they maybe dissabled the support for SSLv3. So i tried to change the SSL Version in my curl Request by setting :

curl_setopt($curl, CURLOPT_SSLVERSION,1); # 1 = TLSv1


But it still give me the same error :

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure


Any idea why the script is still using SSLv3 ?

I am using php 5.5 and the following curl version ( currently asking at my hoster [ managed hosting at 1&1 ] to upgrade to a newer version)

curl 7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
Protocols: dict file ftp ftps http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

Answer

The problem is that PayPal dropped support for SSLv3, TLS 1.0, and TLS 1.1 and now only support TLS 1.2 but the OpenSSL version cURL is built with (0.9.8o) does not support TLS.

At this point all you can do is hope the host can update OpenSSL, cURL, and PHP to a newer (1.0+) version of OpenSSL.

As it stands now, your cURL client doesn't speak TLS which is required by PayPal and there are no ways around it other than updating OpenSSL.