What if your cURL requests cannot connect your Website using SSL, isn’t it frustrating?
Usually, PHP cURL SSL connect error 35 occur due to version mismatch or outdated cURL package.
At Bobcares, we often get requests to fix SSL cURL errors, as a part of our Server Management Services.
Today, let’s see how our Support Engineers fix PHP cURL SSL connect error 35 for our customers.
What is PHP curl SSL connect error 35?
Before getting deeper into the error, firstly let’s understand what is PHP cURL.
cURL stands for Client for URL. Usually, PHP uses cURL to connect to the specified website URL. Here we are discussing cURL request to an SSL website.
In many situations, when a server tries to connect to an SSL website, the cURL request ends up in an error message.
cURL error (35): SSL connect error.The error message denotes that there is an error somewhere in SSL/TLS handshake. In short, the cURL error code 35 denotes an SSL connection error.
The error can be due to an outdated cURL package, connection errors or else a version mismatch between the PHP cURL and SSL protocol of the end server.
A sample error at a Drupal website will show up as:
How we fix the PHP cURL SSL connect error?
So far, we have seen what is PHP cURL SSL connect error. Our Dedicated Engineers with expertise over a decade usually fix this error for our customers.
As the first step of troubleshooting, we check the webserver log.
It gives a detailed summary of all the SSL/TLS handshakes. From this data, our experts find the exact reason for the timeout.
1. SSL protocol of destination site
In most cases, errors will be with the PHP cURL versions in the server.
For instance, the command-line cURL may be using the latest version and the SSL protocol may be outdated.
Meanwhile, if the server tries to connect to an endpoint with an older SSL protocol, it fails and ends up in cURL error 35. This is particularly applicable with outdated SSL protorcols like SSLv2, SSLv3.
So, we check the versions of the cURL and SSL protocol. Later, if there is any version mismatch, our Support Engineers update it to the latest.
2. Outdated cURL package
Similarly, an outdated cURL package in the servers shows up the SSL connect error. In this case, our Support Engineers check the cURL version in the server.
rpm -qa | grep curlThis command gives the currently used cURL version in the server.
Later, we update the cURL package to the latest version. After that, we update the Network Security Services (NSS) package on the server using:
yum update -y nssThis fixes the package and the error does not show up again.
3. Customizing cURL configuration
Some customers customize the cURL settings on the server. However, improper setting of the PHP cURL configuration file leads to error 35.
In such cases, our Support Team check the configuration file and correct it.
Here, we first confirm the availability of cURL module support for PHP with the command:
php -i | grep -i curlFor example, the correct settings appear as:
/etc/php.d/curl.ini,
curl
cURL support => enabled
cURL Information => 7.66.0We also ensure that the website uses the correct PHP version with cURL support.
4. Firewall restrictions
In many cases, the cURL SSL error can happen due to firewall restrictions on the server too. For example, when network administrators ban SSL connections, none of the data transactions to or from the server happens.
Thus, we always check the firewall on the server and ensure that the server accepts SSL port connections from selected APIs and networks.
[Still having trouble in fixing PHP cURL SSL connect error? – We’ll fix it for you.]
Conclusion
In short, PHP cURL SSL connect error 35 usually occur due to version mismatch of cURL and SSL, outdated cURL package, firewall restrictions and so on. Today, we also saw how our Support Engineers fix this error for our customers.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
[root@vagrant-centos65 you-get]# curl -v https://api.xxx.cn * About to connect() to api.xxx.cn port 443 (#0) * Trying 123.xxx.xx.xx... connected * Connected to api.xxx.cn (123.xxx.xx.xx) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12286 * Closing connection #0 * SSL connect error curl: (35) SSL connect error [root@vagrant-centos65 you-get]# curl --version curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
asked Apr 22, 2016 at 7:18
If updating cURL doesn’t fix it, updating NSS should do the trick.
mwfearnley
3,2232 gold badges32 silver badges35 bronze badges
answered Dec 1, 2016 at 18:35
4
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
You are using a very old version of curl.
My guess is that you run into the bug described 6 years ago. Fix is to update your curl.
answered Apr 22, 2016 at 9:05
Steffen UllrichSteffen Ullrich
112k10 gold badges130 silver badges171 bronze badges
1
If you are using curl versions curl-7.19.7-46.el6.x86_64 or older. Please provide an option as -k1 (small K1).
answered Feb 3, 2017 at 13:47
1
@4ainik
начинал с бейсика на 286 в 1994
При выполнении запроса по https курл выдает ошибку
curl: error: 35, ‘error:14094410:ssl routines:ssl3_read_bytes:sslv3 alert handshake failure
В данном случае речь идет о модуле curl, который вызывается из php!
В чем причина?
-
Вопрос заданболее трёх лет назад
-
8278 просмотров
Пригласить эксперта
Проблема с ssl сертификатом или curl. Обновить curl до последней версии или принудительно отправлять —force
Curl работает через openssl как правило. Либо стоит обновить openssl, либо сервер, на который вы обращаетесь выдает левый SSL сертификат
-
Показать ещё
Загружается…
05 июн. 2023, в 17:51
2800 руб./в час
05 июн. 2023, в 17:46
4500 руб./за проект
05 июн. 2023, в 17:42
15000 руб./за проект
Минуточку внимания
Hi guys,
I have problems connecting with Guzzle through a proxy to any SSL site. If I try it with standard cURL in PHP it works fine, however, with Guzzle the connection fails and returns:
[GuzzleHttpExceptionConnectException]
cURL error 35: Unknown SSL protocol error in connection to api.ipify.org:443
The cURL code that works well:
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_PROXY => '1.2.3.4:1234',
CURLOPT_PROXYUSERPWD => "proxy:auth",
);
$ch = curl_init( 'https://api.ipify.org?format=json' );
curl_setopt_array( $ch, $options );
$content = curl_exec( $ch );
$err = curl_errno( $ch );
$errmsg = curl_error( $ch );
$header = curl_getinfo( $ch );
curl_close( $ch );
$header['errno'] = $err;
$header['errmsg'] = $errmsg;
$header['content'] = $content;
print_r($header);
The Guzzle code that fails:
// http client
$this->client = $client = new Client([
'cookies' => true
]);
$res = $this->client->request('GET', 'https://api.ipify.org?format=json', [
'proxy' => 'https://proxy:auth@1.2.3.4:1234',
'verify' => false,
'curl' => [
//CURLOPT_SSLVERSION => 3
//CURLOPT_SSLVERSION => CURL_SSLVERSION_DEFAULT,
CURLOPT_SSL_VERIFYPEER => false
],
]);
print_r($res);
Any ideas? I’m guessing it has something to do how Guzzle handles HTTP SSL requests, since it is also using cURL underlying, I am confused why this wouldn’t work.
Thanks
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
Statistics
The technical storage or access that is used exclusively for statistical purposes.
The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.