TLS 1.2 not working in cURL

Sam Ash picture Sam Ash · May 9, 2015 · Viewed 112.6k times · Source

I am having trouble curling an HTTPS url that uses TLS1.2, in my curl operation I post my login data into the website and save it in cookiefile. The error message I am getting is this

 error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

I have tried setting VERIFYPEER and VERIFYHOST to 0 but that does not seem to work, any suggestions?

Here are the versions I am using:

  • OpenSSL version is 0.9.8b
  • CURL version is 7.24.0
  • PHP is 5.3

Here is the code:

$setuplogin = curl_init(); 
curl_setopt ($setuploginurl, CURLOPT_URL, $url); 
curl_setopt ($setuploginurl, CURLOPT_SSL_VERIFYPEER, 1); 
curl_setopt ($setuploginurl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt ($setuploginurl, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, 'CURL_SSLVERSION_TLSv1_2');
curl_setopt ($setuploginurl, CURLOPT_POSTFIELDS, 'username=uname&password=pword&act=login&submit=Login');
curl_setopt ($setuploginurl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36"); 
curl_setopt (setuploginurl, CURLOPT_TIMEOUT, 60); 
curl_setopt ($setuploginurl, CURLOPT_COOKIESESSION, TRUE); 
curl_setopt ($setuploginurl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($setuploginurl,  CURLOPT_HEADER, 1);
curl_setopt ($setuploginurl,CURLOPT_ENCODING,"gzip");
curl_setopt ($setuploginurl, CURLOPT_POST, true);
curl_setopt ($setuploginurl, CURLOPT_COOKIEJAR, 'cookies.txt'); 
curl_setopt ($setuploginurl, CURLOPT_FRESH_CONNECT , 1);

$loginp= curl_exec($setuploginurl); 
if ($loginp === FALSE) {
    die(curl_error($setuploginurl));
}

curl_close ($setuploginurl); 
var_dump ($loginp);

Answer

Jeff picture Jeff · Oct 3, 2015

You must use an integer value for the CURLOPT_SSLVERSION value, not a string as listed above

Try this:

curl_setopt ($setuploginurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); // constant NOT string value

http://php.net/manual/en/function.curl-setopt.php

value should be an integer for the following values of the option parameter: CURLOPT_SSLVERSION

One of:

CURL_SSLVERSION_DEFAULT (0)
CURL_SSLVERSION_TLSv1 (1)
CURL_SSLVERSION_SSLv2 (2)
CURL_SSLVERSION_SSLv3 (3)
CURL_SSLVERSION_TLSv1_0 (4)
CURL_SSLVERSION_TLSv1_1 (5)
CURL_SSLVERSION_TLSv1_2 (6)