0

I created the following script to check that hosting uses TLS 1.2 for encryption:

<?php
$ch = curl_init('https://tlstest.paypal.com/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_SSLVERSION, 6); //TLS v1.2
$data = curl_exec($ch);
curl_close($ch);

print $data;

If the call is made using TLS 1.2, paypal returns "PayPal_Connection_OK".

When I call it directly in ssh I get successful response:

$ php ./tls.php 
PayPal_Connection_OK

But when I put this script into httpdocs dir and call it through browser I get:

ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2

What can be the issue?

user4035
  • 22,508
  • 11
  • 59
  • 94
  • 1
    Is your web server using the latest OpenSSL? – Machavity Jun 12 '18 at 22:38
  • @Machavity cURL Information: libcurl/7.24.0 OpenSSL/0.9.8z zlib/1.2.3 libidn/1.18. OpenSSL Version: OpenSSL 0.9.8za 5 Jun 2014 – user4035 Jun 12 '18 at 22:47
  • @Machavity It looks, that this lib is too old.TLS 1.2 support was added in OpenSSL 1.0.1. https://stackoverflow.com/questions/48178052/when-was-tls-1-2-support-added-to-openssl – user4035 Jun 12 '18 at 22:49
  • @Machavity But why does it work through console? – user4035 Jun 12 '18 at 22:50
  • Yeah, I've seen that before. The web server is compiled against one version but PHP comes compiled against another. 0.9.8 doesn't support TLS 1.2 sadly – Machavity Jun 12 '18 at 22:51
  • I assume this is Apache running mod_php. So when PHP runs, it's against the version Apache runs. CLI runs against its own – Machavity Jun 12 '18 at 22:52
  • @Machavity phpinfo() gave "Server API: CGI/FastCGI". I think, it's not mod_php, odd. – user4035 Jun 12 '18 at 22:59
  • Try creating an extended log of the CURL output as outlined in this question https://stackoverflow.com/questions/8868808/make-curl-output-stderr-to-file-or-string – Machavity Jun 13 '18 at 03:22

0 Answers0