0
votes

Curl fails error SSL connect error

Server Open SSL version: OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Mon May 9 07:30:30 CDT 2016

Server curl -V: curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.6.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2

curl code:

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_PROXY, $this->config_proxy);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: text/xml', 'Expect: '));
    curl_setopt($ch, CURLOPT_URL, $this->url);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
    curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, $this->config_timeout);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSLVERSION, 6);
    curl_setopt($ch, CURL_SSLVERSION_TLSv1, 1);
    $output = curl_exec($ch);
    $responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

Is there any possible way to run this curl without updating the curl version on the server? My client recommends not updating the curl version on the server.

2
I tried all the options given in answers to similar questions, but none worked in my case. - kaushal Bhatia

2 Answers

0
votes

It's the SSL handshake. What does your web server's log say? You could use a stream context and set it to use all ciphers, like this:

    $context = stream_context_create(array(
        'ssl' => array(
            // set some SSL/TLS specific options
            'verify_peer' => false,
            'verify_peer_name' => false,
            'allow_self_signed' => true,
            'ciphers' => 'ALL'
        )
    ));

Alternatively, you could try to set the SSL cipher list in curl, e.g.:

    curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA');

-1
votes

This problem happens when you are trying to access a URL that is a secure page (https://).

Try this.

    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);

It is working in my case.
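
A diagnostic sketch for the failure discussed in this thread, added here as an example and not part of the question or either answer: it keeps certificate and host name verification on and reports which TLS backend libcurl was built against and at which stage the connection failed. The function name `diagnoseTls` and the keys of its result are hypothetical.

```php
<?php
// Added diagnostic sketch; diagnoseTls() and its result keys are hypothetical names.
function diagnoseTls($url, $caBundle = null, $proxy = null)
{
    $info = curl_version();
    $log  = fopen('php://temp', 'w+');   // receives libcurl's verbose handshake trace
    $ch   = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_NOBODY         => true,  // the handshake is what is being tested
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_SSL_VERIFYPEER => true,  // certificate chain validation stays on
        CURLOPT_SSL_VERIFYHOST => 2,     // host name matching stays on
        CURLOPT_VERBOSE        => true,
        CURLOPT_STDERR         => $log,
    ));
    if ($caBundle !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
    }
    if ($proxy !== null) {
        curl_setopt($ch, CURLOPT_PROXY, $proxy);
        curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);
    }
    curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    curl_close($ch);

    rewind($log);
    $trace = stream_get_contents($log);
    fclose($log);

    // libcurl errors: 35 handshake failed, 59 cipher list rejected, 51/60 certificate check failed
    $stages = array(0 => 'ok', 35 => 'handshake', 59 => 'cipher',
                    51 => 'certificate', 60 => 'certificate');
    return array(
        'curl'        => $info['version'],
        'tls_backend' => $info['ssl_version'],
        'errno'       => $errno,
        'stage'       => isset($stages[$errno]) ? $stages[$errno] : 'other',
        'error'       => $error,
        'trace'       => $trace,
    );
}

// Run from the command line with the URL to test as the first argument.
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    print_r(diagnoseTls($argv[1]));
}
```

If `tls_backend` reports NSS, as the `curl -V` output in the question does, cipher names passed to `CURLOPT_SSL_CIPHER_LIST` have to be NSS names rather than OpenSSL ones.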