php – How to fix curl: (35) Cannot communicate securely with peer: no common encryption algorithm...

I am trying to use PHP curl to access and download some .torrent files from https://torrage.com.

But nothing happens, and curl_error($ch) reports an error.

$ch = curl_init ('https://torrage.com/torrent/640FE84C613C17F663551D218689A64E8AEBEABE.torrent');

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');

curl_setopt($ch, CURLOPT_HEADER, 1);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

curl_setopt($ch, CURLOPT_VERBOSE,true);

$data = curl_exec($ch);

$error = curl_error($ch);

curl_close ($ch);

echo $error;

This gives

Cannot communicate securely with peer: no common encryption algorithm(s).

If I try it from the shell like this

[root@prod1 yum.repos.d]# curl -I https://torrage.com

curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

In verbose mode

[root@prod1 yum.repos.d]# curl -v https://torrage.com

* Rebuilt URL to: https://torrage.com/

* Trying 81.17.30.48...

* Connected to torrage.com (81.17.30.48) port 443 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)

* Cannot communicate securely with peer: no common encryption algorithm(s).

* Closing connection 0

curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

System info: CentOS 7, x86_64

[root@prod1 yum.repos.d]# uname -a

Linux prod1.localdomain 3.10.0-229.4.2.el7.x86_64 #1 SMP Wed May 13 10:06:09 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

curl version

[root@prod1 yum.repos.d]# curl -V

curl 7.29.0 (x86_64-redhat-linux-gnu)

openssl, patched.

[root@prod1 yum.repos.d]# openssl version -a

OpenSSL 1.0.1e-fips 11 Feb 2013

built on: Mon Jun 15 18:39:20 UTC 2015

platform: linux-x86_64

options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)

compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM

OPENSSLDIR: "/etc/pki/tls"

engines: dynamic

Verifying that openssl is patched.

[root@prod1 yum.repos.d]# rpm -q --changelog openssl | grep CVE-2014-0224

- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support

- fix CVE-2014-0224 - SSL/TLS MITM vulnerability

What I have tried:

1) I have tried using HTTP instead of HTTPS, but the website forces HTTPS.

For example

[root@prod1 yum.repos.d]# curl -I http://torrage.com

HTTP/1.1 301 Moved Permanently

Server: nginx/1.9.0

Date: Mon, 29 Jun 2015 04:13:17 GMT

Content-Type: text/html

Content-Length: 184

Connection: keep-alive

Location: https://torrage.com/

2) Updated ca-bundle.crt

cp /etc/pki/tls/certs/ca-bundle.crt /root/backup/

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

3) Updated curl to the latest version, 7.43.0

nano /etc/yum.repos.d/city-fan-for-curl.repo

with this repo.

[CityFanforCurl]

name=City Fan Repo

baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/

enabled=0

gpgcheck=0

Then ran

yum update curl --enablerepo=CityFanforCurl

Then verified the curl version

[root@prod1 yum.repos.d]# curl -V

curl 7.43.0 (x86_64-redhat-linux-gnu) libcurl/7.43.0 NSS/3.18 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.6.0

Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp

Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets Metalink

4) I have tried checking whether my curl is outdated.

[root@prod1 yum.repos.d]# curl -1IsS --ciphers ecdhe_ecdsa_aes_128_sha https://sslspdy.com

HTTP/1.1 200 OK

Server: nginx centminmod

Content-Type: text/html; charset=utf-8

Connection: close

Vary: Accept-Encoding

Strict-Transport-Security: max-age=31536000; includeSubdomains

Date: Mon, 12 Jan 1970 23:00:11 GMT

X-Page-Speed: ngx_pagespeed

Cache-Control: max-age=0, no-cache

How can I fix this and download files from Torrage.com using PHP curl?

*I can't use file_get_contents, because I am using curl_multi to download concurrently.

Update 1:

As Steffen-lullrich suggested

[root@prod1 randoadmin]# curl --ciphers ecdhe_rsa_aes_128_gcm_sha_256 -I https://torrage.com

HTTP/1.1 200 OK

Server: nginx/1.9.0

Date: Mon, 29 Jun 2015 05:54:17 GMT

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Mon, 29 Jun 2015 05:50:40 GMT

Cache-Control: no-store, no-cache, must-revalidate

Cache-Control: post-check=0, pre-check=0

Pragma: no-cache

Vary: Accept-Encoding, Accept-Encoding

Strict-Transport-Security: max-age=31536000

X-Frame-Options: DENY

X-Content-Type-Options: nosniff

This works from the shell, but can it be done with PHP curl?

Update 2:

I modified the code and defined the cipher for curl to use.

$ch = curl_init ('https://torrage.com/torrent/640FE84C613C17F663551D218689A64E8AEBEABE.torrent');

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');

curl_setopt($ch, CURLOPT_HEADER, 1);

curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'ecdhe_rsa_aes_128_gcm_sha_256');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

curl_setopt($ch, CURLOPT_VERBOSE,true);

$data = curl_exec($ch);

$error = curl_error($ch);

curl_close ($ch);

echo $error;

echo $data ;

It works great. Problem solved, many thanks steffen-lullrich.
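
The cipher fix applied to the curl_multi case mentioned in the question, as an added example that is not part of the original post: SSL_ERROR_NO_CYPHER_OVERLAP is a cipher negotiation failure and is independent of certificate checking, so verification stays enabled here. The function names and the backend-to-cipher table are assumptions of this example; the OpenSSL spelling is included because CURLOPT_SSL_CIPHER_LIST takes backend-specific names.

```php
<?php
// Added example (not from the original post): the post's suite per TLS backend.
const CIPHER_BY_BACKEND = [
    'NSS'     => 'ecdhe_rsa_aes_128_gcm_sha_256', // name used in the post
    'OpenSSL' => 'ECDHE-RSA-AES128-GCM-SHA256',   // OpenSSL name, same suite
];

// Map curl_version()['ssl_version'] (e.g. "NSS/3.18") to a cipher name.
function cipher_for_backend(string $sslVersion): ?string
{
    foreach (CIPHER_BY_BACKEND as $backend => $cipher) {
        if (stripos($sslVersion, $backend) === 0) return $cipher;
    }
    return null; // unknown backend: keep libcurl's default cipher list
}

// Fetch URLs concurrently; returns [url => ['error' => string, 'body' => string]].
function fetch_all(array $urls): array
{
    $cipher = cipher_for_backend(curl_version()['ssl_version']);
    $mh = curl_multi_init();
    $handles = [];
    foreach ($urls as $url) {
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_SSL_VERIFYPEER => true, // certificate checks stay on
            CURLOPT_SSL_VERIFYHOST => 2,
        ]);
        if ($cipher !== null) curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $cipher);
        curl_multi_add_handle($mh, $ch);
        $handles[$url] = $ch;
    }
    do {
        $status = curl_multi_exec($mh, $running);
        if ($running) curl_multi_select($mh, 1.0);
    } while ($running && $status === CURLM_OK);
    $results = [];
    while ($info = curl_multi_info_read($mh)) { // one message per finished transfer
        $url = array_search($info['handle'], $handles, true);
        $results[$url] = [
            'error' => $info['result'] === CURLE_OK ? '' : curl_strerror($info['result']),
            'body'  => (string) curl_multi_getcontent($info['handle']),
        ];
        curl_multi_remove_handle($mh, $info['handle']);
    }
    curl_multi_close($mh);
    return $results;
}
```

A handshake failure like the one in the question shows up per URL in the 'error' field, so one failing host does not hide the results of the others.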
