search

php-imagine / Imagine

PHP Object Oriented image manipulation library
https://imagine.readthedocs.io
Other
4.42k stars 530 forks source link

curl error: 1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version #831

Open jetibbetts opened 2 years ago

jetibbetts commented 2 years ago

Issue description

I'm getting the following error:

Uncaught Imagine\Exception\RuntimeException: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version in /var/www/homesbymarco.com/vendor/imagine/imagine/src/File/Loader.php:237

I get the error on my server running Ubuntu 18.04 with curl 7.58, but I do not get the error on my other server running Ubuntu 20.04 with curl 7.68.

What version of Imagine are you using?

1.3.2

What's the PHP version you are using?

PHP 7.2.34-28+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Nov 19 2021 06:36:36) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.2.34-28+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

What's the imaging library you are using [gd/imagick/gmagick/any]?

gd

What's the imaging library configuration

php --ri gd

gd

GD Support => enabled GD headers Version => 2.3.0 GD library Version => 2.3.0 FreeType Support => enabled FreeType Linkage => with freetype FreeType Version => 2.8.1 GIF Read Support => enabled GIF Create Support => enabled JPEG Support => enabled libJPEG Version => 8 PNG Support => enabled libPNG Version => 1.6.34 WBMP Support => enabled XPM Support => enabled libXpm Version => 30411 XBM Support => enabled WebP Support => enabled

Directive => Local Value => Master Value gd.jpeg_ignore_warning => 1 => 1

Minimal PHP code to reproduce the error:


$url = 'https://cdn.onebauer.media/one/empire-images/features/5665a94d329ff0ca7c62aca1/STA039DV.jpg?format=jpg&quality=80&width=850&ratio=1-1&resize=aspectfit';

$imagine = new Imagine\Gd\Imagine();
$photo = $imagine->open(new Imagine\File\Loader($url));
ausi commented 2 years ago

error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version looks like SSL problems on your server.

Does the following code work on your server?

$url = 'https://cdn.onebauer.media/one/empire-images/features/5665a94d329ff0ca7c62aca1/STA039DV.jpg?format=jpg&quality=80&width=850&ratio=1-1&resize=aspectfit';
var_dump(strlen(file_get_contents($url));
jetibbetts commented 2 years ago

Yes

int(90316)

ausi commented 2 years ago

But the following code fails?

$url = 'https://cdn.onebauer.media/one/empire-images/features/5665a94d329ff0ca7c62aca1/STA039DV.jpg?format=jpg&quality=80&width=850&ratio=1-1&resize=aspectfit';
var_dump(strlen((new Imagine\File\Loader($url))->getData()));

Then it is probably CURL related, please also test the following code:

$url = 'https://cdn.onebauer.media/one/empire-images/features/5665a94d329ff0ca7c62aca1/STA039DV.jpg?format=jpg&quality=80&width=850&ratio=1-1&resize=aspectfit';
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSLVERSION, 5);
var_dump(strlen(curl_exec($curl)));
jetibbetts commented 2 years ago

The first code does indeed fail with the same original error.

The results of the CURL code is: int(0)

ausi commented 2 years ago

The results of the CURL code is: int(0)

int(0) means that CURL was not able to load the data. With the following test code you should get an error message printend too.

$url = 'https://cdn.onebauer.media/one/empire-images/features/5665a94d329ff0ca7c62aca1/STA039DV.jpg?format=jpg&quality=80&width=850&ratio=1-1&resize=aspectfit';
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSLVERSION, 5);
var_dump(strlen(curl_exec($curl)));
var_dump(curl_errno($curl));
var_dump(curl_error($curl));
jetibbetts commented 2 years ago

It's the original curl error:

int(0) int(35) string(72) "error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version"

ausi commented 2 years ago

Then you need to fix the CURL setup on your server I think.

You can also disable CURL for PHP, then Imagine would fallback to file_get_contents() automatically.

ArniPL commented 2 years ago

We have the same problem. It looks like the curl_setopt($curl, CURLOPT_SSLVERSION, 5); is the issue here. Now Imagine can't open remote images from servers that disabled TLS 1.1.

Why does Imagine force curl to use the deprecated TLS 1.1 version? Shouldn't this be negotiated automatically, as it is by default? Thanks!

radli commented 1 year ago

We have the same problem. It looks like the curl_setopt($curl, CURLOPT_SSLVERSION, 5); is the issue here. Now Imagine can't open remote images from servers that disabled TLS 1.1.

Why does Imagine force curl to use the deprecated TLS 1.1 version? Shouldn't this be negotiated automatically, as it is by default? Thanks!

that's right, you're right: https://en.wikipedia.org/wiki/Transport_Layer_Security image