douyunjiaok300404 2015-01-12 14:59
浏览 156
已采纳

验证curl是否正在使用TLS

In my PHP app I use PHP's CURL and openssl, to connect and talk using SOAP. Until now, remote server supported SSL and TLS but because of "poodle" bug, admin decided to disable SSL and use TLS only. SSL is supported until the end of January.

I changed my code by adding:

curl_setopt($objCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);

That in theory should force curl to use TLSv1.2.

But that's theory - I need to verify that it actually uses TLS - is there any method for that? There is a method called curl_getinfo(), but info it returns is not useful for me:

[url] => https://www.example.com/soap/MessagingPort
[content_type] => text/xml;charset=utf-8
[http_code] => 200
[header_size] => 293
[request_size] => 882
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.164487
[namelookup_time] => 3.4E-5
[connect_time] => 3.4E-5
[pretransfer_time] => 0.000122
[size_upload] => 604
[size_download] => 178
[speed_download] => 1082
[speed_upload] => 3672
[download_content_length] => 178
[upload_content_length] => 604
[starttransfer_time] => 0.164477
[redirect_time] => 0

Big Thanks in advance

  • 写回答

2条回答 默认 最新

  • dongre9937 2015-07-10 23:04
    关注

    Short Answer

    Make a request with curl to https://www.howsmyssl.com/ 

    <?php 
$ch = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);

$json = json_decode($data);
echo $json->tls_version;

    that should output what TLS version was used to connect.

    Digging Deeper

    Curl relies on the underlying OpenSSL (or NSS) library to do the negotiation of the secure connection. So I believe the right question to ask here is what is the OpenSSL library capable of. If it can handle a TLS connection, then curl can handle a TLS connection.

    So how to figure out what the openssl (or NSS) library is capable of?

    <?php    
$curl_info = curl_version();
echo $curl_info['ssl_version'];

    which is going to dump out something like 

    OpenSSL/1.0.1k

    Then you can go and have a look at the release notes for that version and see if it includes TLS support.

    OpenSSL Release notes - https://www.openssl.org/news/changelog.html

    NSS Release notes - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases

    Spoiler Alert

    • openssl includes support for TLS v1.1 and TLS v1.2 in OpenSSL 1.0.1 [14 Mar 2012]
    • NSS included support for TLS v1.1 in 3.14
    • NSS included support for TLS v1.2 in 3.15
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 计算二重积分∫∫e^(x+y)dxdy,其中0≤x≤1,0≤y≤1,试分别用复合辛普森公式(取n=4)以及高斯求积公式(取n=4)计算积分 给出matlab程序
  • ¥15 opencv 无法读取视频
  • ¥15 用matlab 实现通信仿真
  • ¥15 按键修改电子时钟,C51单片机
  • ¥60 Java中实现如何实现张量类,并用于图像处理(不运用其他科学计算库和图像处理库))
  • ¥20 5037端口被adb自己占了
  • ¥15 python:excel数据写入多个对应word文档
  • ¥60 全一数分解素因子和素数循环节位数
  • ¥15 ffmpeg如何安装到虚拟环境
  • ¥188 寻找能做王者评分提取的