php curl sslv3 allert illegial parameter

PHP Curl SSL Version

PHP Curl SSL Version

Working with one site via PHP CURL library recently, I met strange error. Site returned nothing to my CURL request from PHP code, but worked fine for the same URL via browser. What the mysticism was happened there? I started my research.

1st, I found CURLOPT_VERBOSE parameter. If you can not guess what is wrong with your CURL request, turn on CURLOPT_VERBOSE parameter. It’s very useful in such situation:

curl_setopt($ch, CURLOPT_VERBOSE, true);

Setting its value to TRUE forces CURL to output verbose information. It writes output to STDERR, or the file specified using CURLOPT_STDERR.
So I added parameter above and made step forward at once. I got the reason, why my CURL request didn’t work. CURL returned this information in the verbose mode:

* About to connect() to www.somesite.com port 443 (#0)
* Trying xx.xx.xx.xx… * connected
* Connected to www.somesite.com (xx.xx.xx.xx) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter
* Closing connection #0

You see from output above, that I tried to send request via HTTPS or secure SSL connection and got problem there. Site is available but SSL connection was not setup due to sslv3 illegial parameter.
How to fix that?
Searching Internet got me almost nothing, except that you can add “–sslv3” parameter to the command line “curl” Linux utility to fix such error message. Spending some more time on searching, but without success, I made guess that PHP CURL library should have similar parameter definitely. And, BINGO!, it has it, I got it! Magic word is CURLOPT_SSLVERSION. I set it value to 3:

curl_setopt($ch, CURLOPT_SSLVERSION, 3);

and my script started work correctly.
Due to PHP documentation this parameter is used to setup “The SSL version (2 or 3) to use. By default PHP will try to determine this itself, although in some cases this must be set manually.”

Tags: