Clever Geek Handbook

Convert PHP code to curl command where only TLSv1 is allowed

How can I convert this php code to curl command? I want to use this code on a linux machine by running one curl command.

$headers = array(
      "Content-type: text/xml",
      "Content-length: " . strlen($xml)
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10000);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$data = curl_exec($ch);

I'm tired of this, but to no avail:

curl -X POST -H "Content-type: text/xml" -o output.txt -d "param1=param1&username=username&password=password" https://site.url.com -d @data.xml

Perhaps the problem is HTTPS because only TLSv1 is allowed on the site.

+3


source to share


3 answers


In php, you have to use:

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);

The documentation says more TLS versions:



http://www.php.net/manual/en/function.curl-setopt.php

  • CURL_SSLVERSION_TLSv1_0
  • CURL_SSLVERSION_TLSv1_1
  • CURL_SSLVERSION_TLSv1_2

TLS versions only work with CURL version 7.34 or newer.

+4


source


If you want to force curl to use TLSv1 you can use the option --tlsv1

, docs :



-1, --tlsv1

(SSL) Forces curl to use TLS version 1.x when negotiating with a remote TLS server. You can use options --tlsv1.0, --tlsv1.1, and --tlsv1.2 to control the TLS version more precisely (if the SSL backend in use supports such a level of control).

-2, --sslv2

(SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL server. Sometimes curl is built without SSLv2 support. SSLv2 is widely considered insecure.

-3, --sslv3

(SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL server. Sometimes curl is built without SSLv3 support.
+1


source


The problem is not related to TLS / SSL. The client will automatically negotiate TLS. It looks like you need to POST some xml data and provide your credentials as GET parameters. This can be done by putting your GET parameters in the request url

I'm not sure about the syntax, but I'll try:

curl -X POST -H "Content-type: text/xml" -o output.txt https://site.url.com?param1=param1&username=username&password=password -d @data.xml

Also, (small off topic for the post above, but I cannot comment on it) please do not force SSL2, SSL3 or TLS1.0 as they have vulnerabilities. Most servers will automatically negotiate the best TLS version.

+1


source






More articles:


All Articles