Php cURL error:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

1
votes

**I already searched stackoverflow as well as other sources unfortunately i got no perfect solution to solve this issue even i tried every way so my request is help in code not share any links **

i am using ZeroXIII - 13.3.2 on windows 7 here is my php Curl function for download web pages

function gdllssl3($target_url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36');
curl_setopt($ch, CURLOPT_URL,$target_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt ($ch, CURLOPT_CAINFO, "D:\cacert-2019-05-15.pem");
curl_setopt($ch, CURLOPT_SSLVERSION,4);
curl_setopt($ch, CURLOPT_TIMEOUT,10);
$html= curl_exec($ch);
if (!$html) {
        echo "<br />cURL error number:" .curl_errno($ch);
        echo "<br />cURL error:" . curl_error($ch);
}
return $html;
}


echo $url=gdllssl3('https://www.ratemyagent.com.au/real-estate-profile/sales/new-south-wales/agents');

it return me this error

cURL error number:35 cURL error:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

using latest CA certificates extracted from Mozilla

1
phpsslcurl
ServerHello TLS message happens before any certificate exchanges, so the problem can not be related to whatever certificate or CA you use.Patrick Mevzek
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); this is VERY BAD and SHOULD NOT be done. You open yourself to hijacking attacks, and basically this voids any usefulness of doing HTTPS (TLS), you might as well do HTTP.Patrick Mevzek
Generic comment: saying "I already searched... i got no perfect solution ... even I tried every way" is absolutely not useful (and you could edit your question to remove that as it does not add anything). Noone can know which solutions you found and exactly what you did test. You should instead clearly spell out what you have tried, what results you got, and what you expected instead. A "notice" like you did will not prevent people judging your question is a duplicate to any other asking for this error.Patrick Mevzek

1 Answers

1
votes

It seems like you are trying to connect to a remote server supporting TLS v1.1 and TLS v1.2, not TLS v1.0

Could you try to change this line:

curl_setopt($ch, CURLOPT_SSLVERSION, 4);

to

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);

CURLOPT_SSLVERSION 4 (CURL_SSLVERSION_TLSv1_0) means TLS v1.0, while 5 (CURL_SSLVERSION_TLSv1_1) means TLS v1.1

For information, TLS v1.0 is now deprecated and must be avoided for security reasons. https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

Eventually, as mentioned by Patrick Mevzek in the comments below, you'd better remove that line completely to let the curl module choose the best supported protocol, as stated in the documentation (PHP cURL)