4

I have the following code which gives me "Curl Error :error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number" error.

$url='https://mysite/login';

$clientcert  =       "C:\\client.crt"; 
$keyfile     =       "C:\\server.key"; 
$challenge   =       "passphrase"; 
$CAFile      =       "C:\\server.pem";
print "<bR><BR>$challenge<br><br>"; 
print "<bR><BR>$keyfile<br><br>"; 
print "<bR><BR>$clientcert<br><br>"; 
print "<bR><BR>$CAFile<br><br>"; 

$header=array('contentType:application/json','MY-API-Key:34sdSDFSDFxcvxcvxcvEEE11','Content-Type:application/json','Accept: application/json');

$username=base64_encode("uname");
$password=base64_encode("pswd");

$ch = curl_init(); 
if(FALSE==$ch)
  echo "Unable to create Url Object" . "\n";

curl_setopt($ch, CURLOPT_URL, $url); 
curl_setopt($ch, CURLOPT_HEADER, 1); 
curl_setopt($ch, CURLOPT_HTTPHEADER, $header); 
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
curl_setopt($ch, CURLOPT_VERBOSE, 1); 
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSLVERSION,3);
//curl_setopt($ch, CURLOPT_POSTFIELDS,"$username:$password");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0");       
curl_setopt($ch, CURLOPT_USERPWD,"$username:$password");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 
curl_setopt($ch, CURLOPT_FAILONERROR, 1); 
curl_setopt($ch, CURLINFO_HEADER_OUT, 1); 
curl_setopt($ch, CURLOPT_SSLCERT, $clientcert); 
curl_setopt($ch, CURLOPT_CAPATH, $CAFile); 
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $challenge); 
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $challenge); 
curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM'); 
curl_setopt($ch, CURLOPT_SSLKEY, $keyfile); 
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
//curl_setopt($ch, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);
  $response = curl_exec($ch);  
 $info=curl_getinfo($ch);

I have generated the certificate using the one passphrase and sha384 algorithm same as that of server. So I have private key, certificate (.crt file) and passphrase that I have set in apache as well as in the curl script. Please suggest what could be the issue.

user2849371
  • 79
  • 2
  • 3
  • 10

2 Answers2

2

I got same Error I have resolved it by changing

sslVersion = 3

updated To 

sslVersion = 'all'

It works for me

In your case I think you need to change

curl_setopt($ch, CURLOPT_SSLVERSION,3);

to 

curl_setopt($ch, CURLOPT_SSLVERSION,'all');

It should work

Satish Shinde
  • 2,878
  • 1
  • 24
  • 41
  • Looks like anything other than 3 might work. Probably linked to POODLE (at least *your* problem, though not the questioner). https://en.wikipedia.org/wiki/POODLE – Arc Oct 15 '14 at 08:48
  • @Archimedix Thanks for your comment. I got this issue in paypal-sdk. I have updated like above answer and it works. Is there any thing that i need to work apart from this change?? – Satish Shinde Oct 15 '14 at 10:03
  • Small clarification here: 'all' is probably converted to an int, i.e. 0, which specifies "use default SSL version", which in turn is likely TLSv1. – Arc Oct 17 '14 at 00:53
0

I got same Error

I have resolved it by changing

curl_setopt($ch, CURLOPT_SSLVERSION,3);

to

curl_setopt($ch, CURLOPT_SSLVERSION,4);

It should work

rink.attendant.6
  • 44,500
  • 61
  • 101
  • 156
Ricardo Oliveira
  • 1