CURL PHP handshake failure SSL

2
votes

I have the following code :

<?php
$cookie_file_path = "cookie.txt"; // 
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'theurl');
curl_setopt($ch, CURLOPT_POSTFIELDS,'blocPnr_textField_labelNom='.urlencode('www').'&blocPnr_textField_labelPnr='.urlencode('xxx').'&blocPnr_valider=Submit');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSLVERSION,3); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3");
curl_setopt($ch, CURLOPT_REFERER, "theurl");
$page = curl_exec($ch);
var_dump($page);
echo 'error:' . curl_error($ch);
?>

It gives me the following error:

bool(false) error:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

I can't figure out where the pb comes from. I looked for similar error message on Google and S/O but haven't found any solution.

1
phpsslcurlhandshakesslhandshakeexception
Are you sure it is a sslv3 ?Alex
how can I know ? and what are the different version I can try ? I looked at this (curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html) but not sure I understand what to typejustberare
It is a CURL_SSLVERSION_TLSv1 use this instead.Alex
It works !! thanks a tonjustberare
The documentation of curl you can find it here : php.net/manual/en/function.curl-setopt.phpAlex

1 Answers

3
votes

You're trying to use version 3 of the SSL protocol which is either refused or unsupported by the server. The POODLE attack pushed a lot of system administrators to drop support for SSLv3 and its usage is not so widespread anymore (and definitely not recommended).

When you have SSL handshake errors, try different versions of SSL/TLS until one works (preferably the most secure). If you have a doubt, using CURL_SSLVERSION_DEFAULT works in most cases.

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_DEFAULT);

It seems that formulaire.sncf.com supports TLSv1.0. You could also force use that protocol version:

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);