PHP kann nicht sicher mit Peer kommunizieren: Kein gemeinsamer Verschlüsselungsalgorithmus (en) mit TLS1.3Php

PHP-Programmierer chatten hier
Post Reply Previous topicNext topic
Guest
 PHP kann nicht sicher mit Peer kommunizieren: Kein gemeinsamer Verschlüsselungsalgorithmus (en) mit TLS1.3

Post by Guest »

Ich habe Probleme mit PHP (v8.2.25), curl (v7.29.0), OpenSSL (v1.0.2k) mit einer Anforderung blockiert, und ich denke, dies liegt an einem Mangel an TLSV1.3 -Unterstützung
Ich verwende den folgenden Code, um meine Verbindung gegen https://www.howsmysl.com/a/check zu testen, um zu sehen, ob die TLS -

Code: Select all

function get_tls_version($tlsVersion)
{
$c = curl_init();
curl_setopt($c, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_SSLVERSION, $tlsVersion);

$rbody = curl_exec($c);
if ($rbody === false) {
$errno = curl_errno($c);
$msg = curl_error($c);
curl_close($c);
return "Error! errno = " . $errno . ", msg = " . $msg;
} else {
$r = json_decode($rbody);
curl_close($c);
return $r->tls_version;
}
}
echo '
';
echo "OS: " . PHP_OS . "\n";
echo "uname: " . php_uname() . "\n";
echo "PHP version: " . phpversion() . "\n";

$curl_version = curl_version();
echo "curl version: " . $curl_version["version"] . "\n";
echo "SSL version: " . $curl_version["ssl_version"] . "\n";
echo "SSL version number: " . $curl_version["ssl_version_number"] . "\n";
echo "OPENSSL_VERSION_NUMBER: " . dechex(OPENSSL_VERSION_NUMBER) . "\n";

echo "\nTesting CURL_SSLVERSION_TLSv... (not forced)\n";
echo "Result TLS_Default: " . get_tls_version(0) . "\n";
echo "Result TLS_v1_1: " . get_tls_version(5) . "\n";
echo "Result TLS_v1_2: " . get_tls_version(6) . "\n";
echo "Result TLS_v1_3: " . get_tls_version(7) . "\n";

echo "\nTesting CURL_SSLVERSION_MAX_TLSv...\n";
echo "Result MAX_Default: " . get_tls_version(65536) . "\n";
echo "Result MAX_TLS_v1_1: " . get_tls_version(327680) . "\n";
echo "Result MAX_TLS_v1_2: " . get_tls_version(393216) . "\n";
echo "Result MAX_TLS_v1_3: " . get_tls_version(458752) . "\n";
< /code>
Dies gibt < /p>
zurückOS: Linux
uname: Linux XXX.com 3.10.0-1160.59.1.el7.x86_64 #1 SMP Wed Feb 23 16:47:03 UTC 2022 x86_64
PHP version: 8.2.25
curl version: 7.29.0
SSL version: NSS/3.90
SSL version number: 0
OPENSSL_VERSION_NUMBER: 100020bf

Testing CURL_SSLVERSION_TLSv... (not forced)
Result TLS_Default: TLS 1.2
Result TLS_v1_1: TLS 1.1
Result TLS_v1_2: TLS 1.2
Result TLS_v1_3: Error! errno = 35, msg = Cannot communicate securely with peer: no common encryption algorithm(s).

Testing CURL_SSLVERSION_MAX_TLSv...
Result MAX_Default: TLS 1.2
Result MAX_TLS_v1_1: TLS 1.2
Result MAX_TLS_v1_2: TLS 1.2
Result MAX_TLS_v1_3: TLS 1.2
Für TLSV1.3 Ich erhalte, dass der Fehler nicht sicher mit Peer kommunizieren kann: Kein gemeinsamer Verschlüsselungsalgorithmus (en).

Code: Select all

{
"given_cipher_suites": [
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
],
"ephemeral_keys_supported": true,
"session_ticket_supported": false,
"tls_compression_supported": false,
"unknown_cipher_suite_supported": false,
"beast_vuln": false,
"able_to_detect_n_minus_one_splitting": false,
"insecure_cipher_suites": {
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": [
"uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"
],
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": [
"uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"
]
},
"tls_version": "TLS 1.2",
"rating": "Bad"
}
Wenn ich curl nehme und curl -Request Post 'https://ssl.reddit.com/api/v1/access_token' -v -i Ich nehme SSL ab Verbindung unter Verwendung von TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (die in der obigen Liste angezeigt wird, aber die spezifische Website, die ich versuche, eine Anfrage zur Rückgabe eines 403 zurückzugeben). Holen Sie sich die SSL -Verbindung mit TLS_AES_128_GCM_SHA256 (der in der obigen Liste nicht angezeigt wird) ..
Ist Reddits Access_Token -API -Endpoint -Blockierungsanforderung, die TLSV1.2 verwenden,
Was muss ich tun, um die TLSV1.3 -Anforderung ordnungsgemäß zu senden? < /p>
Top
Post Reply Previous topicNext topic

Quick Reply

Change Text Case: 
   
  • Similar Topics
    Replies
    Views
    Last post

Return to “Php”