Closed y2468101216 closed 6 years ago
I'd like to ask, what do I need to do? Apply to Mitake for an SSL certificate?
Looking up the cURL error code gives the following description:
CURLE_SSL_CONNECT_ERROR (35)
A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.
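I suggest first enabling Guzzle's debug option to see a more detailed error message.
I know where the problem is now. The problem is that openssl no longer supports the vulnerable sslv3 certificates. I'll send a simple PR over the weekend to improve this.
Adding forced use of TLSv1?
Probably not. Just writing an FAQ or something like that, and also adding URLs that can be switched to HTTP.
Getting openssl to support sslv3 means compiling it yourself, which is too difficult.
Better not to use SSLv3 XD. If you want to use the HTTP endpoints, you can set them with the following methods: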
$client->setBaseURL('http://smexpress.mitake.com.tw:9600');
$client->setLongMessageBaseURL('http://smexpress.mitake.com.tw:7002');
I know, so I'm just rewriting the docs and then adding an option to use HTTP XD
Thanks @y2468101216 for the reminder. TLSv1 is deprecated too; see Deprecating TLSv1.0 and TLSv1.1.
cipherscan:
Target: smexpress.mitake.com.tw:9601
prio ciphersuite protocols pubkey_size signature_algoritm trusted ticket_hint ocsp_staple npn pfs
1 IDEA-CBC-SHA SSLv3,TLSv1 2048 sha256WithRSAEncryption False None False None None None
2 RC4-SHA SSLv3,TLSv1 2048 sha256WithRSAEncryption False None False None None None
3 RC4-MD5 SSLv3,TLSv1 2048 sha256WithRSAEncryption False None False None None None
4 DES-CBC3-SHA SSLv3,TLSv1 2048 sha256WithRSAEncryption False None False None None None
5 DES-CBC-SHA SSLv3,TLSv1 2048 sha256WithRSAEncryption False None False None None None
6 IDEA-CBC-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
7 RC2-CBC-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
8 DES-CBC3-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
9 RC4-64-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
10 DES-CBC-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
11 EXP-RC2-CBC-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
12 EXP-RC4-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
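I've sent the PR. I won't have time to fix the CLI part until next weekend.
@y2468101216 Thank you.
Thinking about it, I'm considering adding a warning note to the project until Mitake fixes this security issue.
The long-message part supports TLSv1.2 XDD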
Target: smexpress.mitake.com.tw:7102
prio ciphersuite protocols pfs curves
1 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
2 AES256-SHA256 TLSv1.2 None None
3 ECDHE-RSA-RC4-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
4 RC4-SHA TLSv1,TLSv1.1,TLSv1.2 None None
5 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
6 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
7 CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
8 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
9 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
10 AES128-SHA256 TLSv1.2 None None
11 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
12 CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
Closed by #3.
PHP Fatal error: Uncaught GuzzleHttp\Exception\ConnectException: cURL error 35: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in /home/yun_chen/project/mitake-php/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:185
Stack trace:
0 /home/yun_chen/project/mitake-php/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(149): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array)
1 /home/yun_chen/project/mitake-php/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(102): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
2 /home/yun_chen/project/mitake-php/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
3 /home/yun_chen/proj in /home/yun_chen/project/mitake-php/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php on line 185
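Added example, not part of the original thread or of the mitake-php project: a small Python triage of cipherscan rows like the two listings pasted above, reporting whether an endpoint offers any non-deprecated protocol and which suites avoid weak primitives. The rows are excerpted from the thread's output and truncated after the protocols column; the deprecated-protocol and weak-component sets are this example's own policy, and it does not judge SHA-1 MACs or CBC mode.

```python
# Added example: triage cipherscan rows like the ones pasted in this thread.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Name components that mark a weak suite (DES also covers DES-CBC3, i.e. 3DES).
WEAK_PARTS = {"EXP", "RC2", "RC4", "DES", "IDEA", "MD5"}

# Rows excerpted from the two scans in the thread, truncated after 'protocols'.
SCAN_9601 = """\
Target: smexpress.mitake.com.tw:9601
prio ciphersuite protocols
1 IDEA-CBC-SHA SSLv3,TLSv1
2 RC4-SHA SSLv3,TLSv1
4 DES-CBC3-SHA SSLv3,TLSv1
6 IDEA-CBC-MD5 SSLv2
12 EXP-RC4-MD5 SSLv2
"""
SCAN_7102 = """\
Target: smexpress.mitake.com.tw:7102
prio ciphersuite protocols
1 ECDHE-RSA-AES256-SHA384 TLSv1.2
3 ECDHE-RSA-RC4-SHA TLSv1,TLSv1.1,TLSv1.2
5 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2
10 AES128-SHA256 TLSv1.2
"""

def parse_rows(text):
    """Return (cipher, protocols) for each data row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].isdigit():
            rows.append((parts[1], set(parts[2].split(","))))
    return rows

def assess(text):
    """Summarise which protocols are offered and which suites pass both checks."""
    rows = parse_rows(text)
    offered = set().union(*(protos for _, protos in rows))
    weak = sorted(c for c, _ in rows if WEAK_PARTS & set(c.split("-")))
    acceptable = [c for c, protos in rows
                  if protos - DEPRECATED_PROTOCOLS and c not in weak]
    return {"modern_protocols": offered - DEPRECATED_PROTOCOLS,
            "weak_suites": weak, "acceptable_suites": acceptable}

if __name__ == "__main__":
    for scan in (SCAN_9601, SCAN_7102):
        print(scan.splitlines()[0], assess(scan))
```

An empty `modern_protocols` set for an endpoint means a client restricted to current TLS versions has nothing to negotiate with it.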