2017
May
31
SSLv1 SSLv2 因 security 問題,很多 Server 都已經停用這兩種 SSL 加密機制,造成 Curl 會有以下錯誤訊息:
Curl
- * About to connect() to xxx.xxx.xx port 443 (#0)
- * Trying 124.108.112.37... connected
- * Connected to xxx.xxx.xx (1.1.1.1) port 443 (#0)
- * Initializing NSS with certpath: sql:/etc/pki/nssdb
- * warning: ignoring value of ssl.verifyhost
- * NSS error -5938
- * Closing connection #0
- * SSL connect error
- curl: (35) SSL connect error
解決方式
在 Linux 環境下,使用 Curl 要補上 "--tlsv1":
curl -k "https://xxxx" --tlsv1
PHP 則是要補上 CURLOPT_SSLVERSION:
curl_setopt($ch, CURLOPT_SSLVERSION, 1);