Closed davalb closed 8 years ago
Hi @davalb
The error message suggests that the client is stil relying on SSLV3 but the server doesn't allow that anymore. What version of openssl are you using?
Hi @ricbra , I use OpenSSL 1.0.1f 6 Jan 2014
. Do you know if that version is sufficient? Thanks
Sorry, that was wrong. The error-message was from my local development-machine which uses only OpenSSL 0.9.8zg 14 July 2015
.
I'm also running OpenSSL 0.9.8zg 14 July 2015
so that shouldn't be the problem.
Guess something is wrong with curl or php config?
I also tried https, and it worked.
Same problem.
What's the output of a manual curl call like this:
$ curl -v https://api.discogs.com/
* Trying 216.151.17.131...
* Connected to api.discogs.com (216.151.17.131) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.discogs.com
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> GET / HTTP/1.1
> Host: api.discogs.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.8.1
< Date: Thu, 24 Mar 2016 08:34:00 GMT
< Content-Type: application/json
< Content-Length: 196
< Connection: keep-alive
< X-Discogs-Media-Type: discogs.v2
< Cache-Control: public, must-revalidate
< Access-Control-Allow-Origin: *
<
* Connection #0 to host api.discogs.com left intact
{"documentation_url": "http://www.discogs.com/developers/", "statistics": {"labels": 864887, "releases": 6977589, "artists": 4344451}, "hello": "Welcome to the Discogs API.", "api_version": "2.0"}
Tried it on two different servers:
* About to connect() to api.discogs.com port 443 (#0) * Trying 216.151.17.131... connected * Connected to api.discogs.com (216.151.17.131) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12286 * Closing connection #0 * SSL connect error curl: (35) SSL connect error
Seems like the problem is TLS vs SSL
When I try the curl command, I get a succesfull response
curl -v https://api.discogs.com/
* Trying 216.151.17.131...
* Connected to api.discogs.com (216.151.17.131) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.discogs.com
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> GET / HTTP/1.1
> Host: api.discogs.com
> User-Agent: curl/7.47.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.8.1
< Date: Sat, 26 Mar 2016 20:23:00 GMT
< Content-Type: application/json
< Content-Length: 196
< Connection: keep-alive
< X-Discogs-Media-Type: discogs.v2
< Cache-Control: public, must-revalidate
< Access-Control-Allow-Origin: *
<
* Connection #0 to host api.discogs.com left intact
{"documentation_url": "http://www.discogs.com/developers/", "statistics": {"labels": 865753, "releases": 6985048, "artists": 4347882}, "hello": "Welcome to the Discogs API.", "api_version": "2.0"}
I still get the handshake-failures in my tests though. At least on my production server everything is working...
Could you try out PR https://github.com/ricbra/php-discogs-api/pull/36 and check if the problem still persists?
@ricbra : I still have the problem :/
That's odd... The configuration tells curl to use TLS v1.2 which is the recommended version.
What are your OS and php versions?
HI @ricbra, just had some time to look at it again. With your new code I get a new error message:
cURL error 35: Unsupported SSL protocol version
I am on OSX 10.10.5 (Yosemite) PHP is version 5.6.10 and curl 7.47.1
When I switch to php 5.6 on OS 10.10 it keeps working. I suspect you have somehow an outdated openssl install somewhere.
Perhaps you can try out manually which versions are supported like this:
require 'vendor/autoload.php';
$client = \Discogs\ClientFactory::factory();
var_dump($client->getHttpClient()->get('https://api.discogs.com', [
'config' => [
'curl' => [
CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2
]
]
]));
You can force SSL version with following constants:
CURL_SSLVERSION_TLSv1_2
CURL_SSLVERSION_TLSv1
CURL_SSLVERSION_SSLv3
It works now on my development-machine, too. Unfortunately I don't know why.
Today I moved all discogs-related test-methods out of my ProductTest-class into a separate class, because they were failing constantly and I couldn't fix them. Once I had them in their seperate class the test-methods don't have the handshake-failure anymore. I am really non-plussed.
Glad to hear the problem is solved. Until someone convinces me the error is in this library, I'm closing this for now.
This might not be a problem with this library, but maybe somebody here knows what goes wrong here:. I get this error when I use the
getRelease
call of the API. I get similar errors on other calls as well. Anybody know what is going on? I read on the Discogs forum that they switched to https only yesterday. My Api is configured to callhttps://api.discogs.com
already.