0
votes

A PHP script I have been using for a while to retrieve the contents of a particular SSL webpage has suddenly started failing, and throwing the following error (the page has always been an SSL page):

cUrl error (#35): error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Verbose information:
* Adding handle: conn: 0x1da38f0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1da38f0) send_pipe: 1, recv_pipe: 0
* About to connect() to www.oddschecker.com port 443 (#0)
*   Trying 35.201.89.239...
* Connected to www.oddschecker.com (35.201.89.239) port 443 (#0)
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection 0

Webpage in question:
https://www.oddschecker.com/golf/open-championship/2018-open-championship/winner

Code:

function get_data($url)
{
    $ch = curl_init();
    $timeout = 5; // connection timeout in seconds
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0");
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    // Certificate verification is switched off here, so the server's identity is not checked.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    $data = curl_exec($ch); // false on failure
    curl_close($ch);
    return $data;
}

I have tried a few different proposed solutions from Google, in terms of setting different curl_setopt parameters, but no luck so far. Any suggestions would be greatly appreciated.

Local Windows PHP Installation
PHP Version: 5.3.28
Curl Version: 7.30.0
SSL Version: OpenSSL/0.9.8y

2
What version of OpenSSL and PHP are installed on your server? You probably need to update them. - BA_Webimax
Thanks for the reply. It's just a local PHP installation on my Windows machine. PHP Version 5.3.28 SSL Version OpenSSL/0.9.8y - Gareth
Looks like the web site you are going to will only allow TLS 2 or above now. As @BA_Webimax said, you will likely need an update on your end. - Dave

2 Answers

1
votes

Looks like it's time for an update. The site you are trying to connect to has secured their communications by dropping support for the older, insecure protocols like SSL2, SSL3 and TLS1. You can see that for yourself here: https://www.ssllabs.com/ssltest/analyze.html?d=www.oddschecker.com

You are using a version of OpenSSL that is ancient by Internet standards and is considered to be very insecure as it contains a multitude of vulnerabilities. The TLS 1.1 and 1.2 protocols were added to OpenSSL v1.0.1.

Changes between 1.0.0h and 1.0.1 [14 Mar 2012]
...
*) Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don't know the hash algorithm to use until after the certificate request message is received. [Steve Henson]

*) Initial TLS v1.2 client support. Add a default signature algorithms extension including all the algorithms we support. Parse new signature format in client key exchange. Relax some ECC signing restrictions for TLS v1.2 as indicated in RFC5246. [Steve Henson]
...

https://www.openssl.org/news/cl102.txt

It won't hurt to update the rest of your stack as well.

0
votes

You can try to set the TLS to use a more modern version (1.2) by adding:

curl_setopt($ch, CURLOPT_SSLVERSION, 6);

See curl_setopt's CURLOPT_SSLVERSION for other values.
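
An added example, not code from either answer, that ties the two answers together: it reads curl_version() to decide whether the local build can negotiate TLS 1.2 before forcing it with CURLOPT_SSLVERSION, and keeps certificate verification on. The names tls12_capable and get_data_tls12 are hypothetical; the thresholds assumed are libcurl 7.34.0 (the first release that accepts the value 6) and OpenSSL 1.0.1.

```php
<?php
// Added example; function names are hypothetical, sample inputs are constructed.

/**
 * Decide whether a libcurl build can negotiate TLS 1.2.
 * $info has the shape returned by curl_version().
 * Returns true/false, or null when the TLS backend is not OpenSSL (unknown).
 */
function tls12_capable(array $info)
{
    // libcurl accepts CURL_SSLVERSION_TLSv1_2 (value 6) from 7.34.0 onwards.
    if (version_compare($info['version'], '7.34.0', '<')) {
        return false;
    }
    // ssl_version looks like "OpenSSL/0.9.8y"; TLS 1.1/1.2 arrived in OpenSSL 1.0.1.
    if (!preg_match('#^OpenSSL/(\d+\.\d+\.\d+)#', $info['ssl_version'], $m)) {
        return null;
    }
    return version_compare($m[1], '1.0.1', '>=');
}

function get_data_tls12($url)
{
    if (tls12_capable(curl_version()) === false) {
        throw new RuntimeException('This cURL/OpenSSL build cannot speak TLS 1.2; upgrade the stack.');
    }
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_SSLVERSION, 6);        // CURL_SSLVERSION_TLSv1_2
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // verify the certificate chain
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // and that it matches the host name
    $data = curl_exec($ch);
    if ($data === false) {
        // Surface the handshake error instead of silently returning false.
        $msg = sprintf('cURL error (#%d): %s', curl_errno($ch), curl_error($ch));
        curl_close($ch);
        throw new RuntimeException($msg);
    }
    curl_close($ch);
    return $data;
}

// Constructed inputs: the build from the question, then a newer build.
var_dump(tls12_capable(array('version' => '7.30.0', 'ssl_version' => 'OpenSSL/0.9.8y')));
var_dump(tls12_capable(array('version' => '7.58.0', 'ssl_version' => 'OpenSSL/1.0.2n')));
```

On the build described in the question the check fails on both counts, so setting CURLOPT_SSLVERSION alone cannot help there until cURL and OpenSSL are upgraded.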