1

A PHP script I have been using for a while to retrieve the contents of a particular SSL webpage has suddenly started failing, and throwing the following error (the page has always been an SSL page):

cUrl error (#35): error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 
alert protocol version
Verbose information:
* Adding handle: conn: 0x1da38f0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1da38f0) send_pipe: 1, recv_pipe: 0
* About to connect() to www.oddschecker.com port 443 (#0)
*   Trying 35.201.89.239...
* Connected to www.oddschecker.com (35.201.89.239) port 443 (#0)
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection 0

Webpage in question:
https://www.oddschecker.com/golf/open-championship/2018-open-championship/winner

Code:

function get_data($url) 
{
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}

I have tried a few different proposed solutions from google, in terms of setting different curl_setopt parameters but no luck so far. Any suggestions would be greatly appreciated.

Local Windows PHP Installation
PHP Version: 5.3.28
Curl Version: 7.30.0
SSL Version: OpenSSL/0.9.8y

Improve this question
3
  • What version of OpenSSL and PHP are installed on your server? You probably need to update them. Commented Jul 16, 2018 at 16:48
  • Thanks for the reply. It's just a local PHP installation on my windows machine. PHP Version 5.3.28 SSL Version OpenSSL/0.9.8y Commented Jul 16, 2018 at 18:08
  • Looks like the web site you are going to will only allow TLS 2 or above now. As @BA_Webimax said, you will likely need an update on your end. Commented Jul 16, 2018 at 18:08

2 Answers 2

Reset to default
1

Looks like it's time for an update. The site you are trying to connect to has secured their communications by dropping support for the older, insecure protocols like SSL2, SSL3 and TLS1. You can see that for yourself here: https://www.ssllabs.com/ssltest/analyze.html?d=www.oddschecker.com

You are using a version of OpenSSL that is ancient by Internet standards and is considered to be very insecure as it contains a multitude of vulnerabilities. The TLS 1.1 and 1.2 protocols were added to OpenSSL v1.0.1.

Changes between 1.0.0h and 1.0.1 [14 Mar 2012] ... *) Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don't know the hash algorithm to use until after the certificate request message is received. [Steve Henson]

*) Initial TLS v1.2 client support. Add a default signature algorithms extension including all the algorithms we support. Parse new signature format in client key exchange. Relax some ECC signing restrictions for TLS v1.2 as indicated in RFC5246. [Steve Henson] ...

https://www.openssl.org/news/cl102.txt

It won't hurt to update the rest of your stack as well.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you for the detailed input (and the others above). I updated my PHP stack and it all works great again now.
0

You can try to set the TLS to use a more modern version (1.2) by adding:

curl_setopt($ch, CURLOPT_SSLVERSION, 6);

See curl_setopt's CURLOPT_SSLVERSION for other values.

Improve this answer

1 Comment

Thanks. However, no change in the error output when changing it to this value.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.