PHP cURL SSL Cipher Suite Order

2019-09-12 07:36发布

Cloudflare uses the cipher suite of ECDHE_ECDSA and AES_128_GCM for their https certificates. When using PHP cURL, you can specify the cipher suite:

curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'ecdhe_ecdsa_aes_128_sha');

However, that doesn't help me if the cURL request is requesting something other than ecdhe_ecdsa_aes_128_sha.

The following Apache configuration is set, but PHP cURL does not seem to respect this:

SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

Is there a way to specify a cipher suite order for PHP cURL?

Environment Info:

[vagrant@devopsgroup ~]$ php -i | grep SSL
SSL => Yes
SSL Version => NSS/3.15.4
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version => OpenSSL 1.0.1e-fips 11 Feb 2013
Native OpenSSL support => enabled

标签： php apache ssl curl

1条回答

放我归山

2楼-- · 2019-09-12 08:33

You can specify the cipher suites you want cURL to use with CURLOPT_SSL_CIPHER_LIST like you suggest above, but if cURL is compiled against OpenSSL, then you need to specify the ciphers in the format used by OpenSSL.

The Apache configuration has no effect on cURL.

Since cURL is built with OpenSSL, try using the cipher names from OpenSSL ciphers.

For example:

curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, 'ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA');

This answer is also useful: https://unix.stackexchange.com/questions/208437/how-to-convert-ssl-ciphers-to-curl-format

0人赞添加讨论(0) 举报

PHP cURL SSL Cipher Suite Order

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间