0
votes

I used nmap to scan, this is the result:

[image: nmap ssl-enum-ciphers output showing only ECDHE cipher suites]

Looks like they only support ECDHE; from the output of openssl_get_cipher_methods() there is no ECDHE cipher! So my question is: how can I connect to the remote server using the PHP cURL client?

This is my sample PHP code, which returns false with the message:

"Unknown cipher in list: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA", and the curl error number is 59 (Couldn't use specified cipher.)

<?php
$ch = curl_init();
// OpenSSL-style cipher names; which name format cURL accepts depends on the TLS backend it is linked against
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA");
curl_setopt($ch, CURLOPT_SSLVERSION, 6);   // 6 = CURL_SSLVERSION_TLSv1_2 (the named constant only exists in PHP >= 5.5)
curl_setopt($ch, CURLOPT_URL, "xxxxxxxxxxxxxxx");   // placeholder URL as posted
var_dump(curl_exec($ch));    // false on failure
var_dump(curl_error($ch));   // human-readable error string
var_dump(curl_errno($ch));   // 59 = CURLE_SSL_CIPHER
curl_close($ch);

I'm using PHP 5.3.29, OpenSSL 1.0.1e-fips 11 Feb 2013.

2
You could start by upgrading the OpenSSL. Scratch that - I just googled how old your version of OpenSSL is - UPGRADE YOUR OPENSSL NOW! (and don't specify the ciphers on the client unless you know what you're doing) - symcbean

2 Answers

0
votes

The format of 'CURLOPT_SSL_CIPHER_LIST' depends on the library your cURL is linked against. If you are running on a RedHat-derived Linux, it is NSS rather than GnuTLS (Ubuntu) or OpenSSL, so you will need to convert the names accordingly.

The following question should help you:

https://unix.stackexchange.com/questions/208437/how-to-convert-ssl-ciphers-to-curl-format
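As an added example (not code from the question or from either answer), here is one way to choose the cipher-list syntax from the backend that PHP's cURL extension reports via curl_version(). The OpenSSL-to-NSS name mapping and the comma separator for NSS lists are assumptions based on cURL's NSS cipher table; check them against the CURLOPT_SSL_CIPHER_LIST manual for the installed cURL before relying on them. The URL is a placeholder.

```php
<?php
// Added example, not from the original page: pick a cipher-list syntax that
// matches the TLS backend PHP's cURL extension is linked against.

/* OpenSSL name => NSS name as understood by cURL's NSS backend (assumed mapping) */
$opensslToNss = array(
    'ECDHE-RSA-AES256-GCM-SHA384' => 'ecdhe_rsa_aes_256_gcm_sha_384',
    'ECDHE-RSA-AES256-SHA384'     => 'ecdhe_rsa_aes_256_sha_384',
    'ECDHE-RSA-AES256-SHA'        => 'ecdhe_rsa_aes_256_sha',
    'ECDHE-RSA-AES128-GCM-SHA256' => 'ecdhe_rsa_aes_128_gcm_sha_256',
    'ECDHE-RSA-AES128-SHA256'     => 'ecdhe_rsa_aes_128_sha_256',
    'ECDHE-RSA-AES128-SHA'        => 'ecdhe_rsa_aes_128_sha',
);

// Returns 'openssl', 'nss', 'gnutls' or 'unknown' from curl_version()['ssl_version'],
// which looks like "OpenSSL/1.0.1e", "NSS/3.19.1 Basic ECC" or "GnuTLS/3.4.10".
function tlsBackend() {
    $v = curl_version();
    $s = isset($v['ssl_version']) ? $v['ssl_version'] : '';
    if (stripos($s, 'NSS') === 0)     return 'nss';
    if (stripos($s, 'GnuTLS') === 0)  return 'gnutls';
    if (stripos($s, 'OpenSSL') === 0) return 'openssl';
    return 'unknown';
}

// Builds the cipher list string for the backend, or null to keep the backend default.
function cipherListFor($backend, array $opensslNames, array $map) {
    switch ($backend) {
        case 'openssl':
            return implode(':', $opensslNames);          // OpenSSL uses colon-separated names
        case 'nss':
            $nss = array();
            foreach ($opensslNames as $n) {
                if (isset($map[$n])) $nss[] = $map[$n];  // drop names with no NSS equivalent
            }
            return implode(',', $nss);                   // NSS list separator (assumed)
        default:
            // GnuTLS takes priority strings, not cipher names; do not guess, keep defaults.
            return null;
    }
}

$backend = tlsBackend();
$list    = cipherListFor($backend, array_keys($opensslToNss), $opensslToNss);

$ch = curl_init('https://example.com/');   // placeholder URL
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSLVERSION, 6);   // 6 = CURL_SSLVERSION_TLSv1_2; constant only exists in PHP >= 5.5
if ($list !== null) {
    curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $list);
}
$body = curl_exec($ch);
if ($body === false) {
    printf("backend=%s errno=%d error=%s\n", $backend, curl_errno($ch), curl_error($ch));
} else {
    printf("backend=%s OK, %d bytes received\n", $backend, strlen($body));
}
curl_close($ch);
```

Peer and host-name verification are left at their defaults (on); restricting the cipher list is no substitute for certificate validation. If the backend is NSS and the ECDHE names are still rejected, the NSS build itself may lack ECC support, which a cipher-name conversion cannot fix.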

0
votes

I found the root cause: I'm running CentOS with NSS package 3.19. By default, this version doesn't enable ECC ciphers (ECDHE is one of the ECC ciphers). It's fixed after upgrading to NSS 3.21+.

https://bugzilla.mozilla.org/show_bug.cgi?id=1205688
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
https://tools.ietf.org/html/rfc4492
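As an added check (not part of the answer above), the following POSIX shell functions read the first line of `curl --version` and report whether the NSS backend is older than the 3.21 threshold the answer names. The sample version lines in the comments are constructed for illustration; the "Basic ECC" token and exact formatting may differ on a given system.

```sh
#!/bin/sh
# Added example, not from the original page. Decide from a `curl --version`
# line whether cURL is linked against an NSS too old to enable ECDHE by default.
# Threshold 3.21 is the value given in the answer; sample lines are constructed.

# Prints the NSS version embedded in the line, e.g.
#   "curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7"
# yields "3.19.1"; prints nothing when the backend is not NSS.
nss_version_from_curl() {
    printf '%s\n' "$1" | sed -n 's|.*NSS/\([0-9][0-9.]*\).*|\1|p'
}

# Exit status: 0 when NSS major.minor >= 3.21, 1 when older, 2 when not NSS.
nss_ecc_default_ok() {
    ver=$(nss_version_from_curl "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 21 ]; }; then
        return 0
    fi
    return 1
}

# Stand-alone usage: check the cURL actually installed on this host.
if [ "${0##*/}" != "sh" ] && command -v curl >/dev/null 2>&1; then
    line=$(curl --version | head -n 1)
    nss_ecc_default_ok "$line"
    case $? in
        0) echo "NSS backend new enough for default ECDHE: $line" ;;
        1) echo "NSS backend predates 3.21, ECDHE likely disabled by default: $line" ;;
        2) echo "cURL is not linked against NSS, look elsewhere for the cipher problem: $line" ;;
    esac
fi
```

Run it on the host where PHP's cURL extension lives; PHP uses the same libcurl and TLS library as the `curl` binary only when both come from the same packages, so compare with `php -r 'print_r(curl_version());'` if in doubt.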