Search code examples
phpcurlsslgouttesymfony-components

Goutte - TLSv1 protocol version error


I'm using Goutte to get a page on a web server using an SSL certificate. Whenever I try to get this page the the following exception is thrown:

Uncaught exception 'Guzzle\\Http\\Exception\\CurlException' with message 
'[curl] 35: error:1407742E:SSL 
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version 
[url] https://somesite.com 

I have been looking online for this type of error. It seems that this error happens when there is a handshake failure. The server seems to support TLSv1 and the client uses SSL23.

I'm not sure if this assessment is correct nor do I know how to correct it.

This is the code I'm currently using:

<?php
use Goutte\Client;
$client = new Client();
$guzzle = $client->getClient();
$guzzle->setConfig( 
    array(
        'curl.CURLOPT_SSL_VERIFYHOST' => false,
        'curl.CURLOPT_SSL_VERIFYPEER' => false,
    )
);

$client->setClient($guzzle);
$crawler = $client->request('GET', 'https://somesite.com'); // IT FAILS HERE

UPDATE:

NOTE: I started getting a few weeks ago a similar error, so I thought I would update the question and answer as they are related.

I got a similar error:

[curl] 35: Unknown SSL protocol error in connection to website.com:443 

Solution

  • I found the answer to this problem in the blogpost "Fixing SSL Handshake with PHP5 and Curl"

    This error can happen in some operating systems but not in all making it a hard issue to replicate. I am currently using Ubuntu 12.04 in my development environment.

    Thankfully this is something that can be addressed at the code level like this:

    use Goutte\Client;
    $client = new Client();
    $guzzle = new GuzzleClient('https://somesite.com', array(
        'curl.options' => array(
            'CURLOPT_SSLVERSION' => 'CURL_SSLVERSION_TLSv1',
        )
    ));
    $client->setClient($guzzle);
    $crawler = $client->request('GET', 'https://somesite.com');
    

    UPDATE:

    For the solution for the message

    [curl] 35: Unknown SSL protocol error in connection to website.com:443 
    

    was a bit tricky to resolve as the message gives no indication of what is going on.

    This GitHub issue pointed me in the right direction tho. There are multiple versions of the CURLOPT_SSLVERSION I can use (of course!), but these include v1.0, v1.1, and v1.2! See the curl_setopt for more information.

    For this particular error I ended up using the following code:

    $guzzle = new GuzzleClient('https://somesite.com', array(
        'curl.options' => array(
            'CURLOPT_SSLVERSION' => 'CURL_SSLVERSION_TLSv1_1',
        )
    ));
    

    The site I was trying to connect to would not accept any other option including CURL_SSLVERSION_TLSv1.