-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libcurl + Guzzle TLS error thrown for cURL less than 7.34 #3219
Comments
Thanks for getting in touch. What does your code look like? Can you show the stack trace? What is your |
Note that it is not a bug that if you manually specify |
This fact is documented at https://github.com/guzzle/guzzle/blob/429cb6702659329819fb40c9487eac3132bdd80b/docs/request-options.rst#crypto_method. The reason is we need to behave in a secure way. If we can't verify that tls 1.2 or higher is actually used, then we must fail. |
We are using curl 7.29 as the version that our PHP is linked against.
|
Full Stacktrace for you:
|
Ok. The best thing to do here is to upgrade your curl version. I'm not sure if all the security fixes are backported to the build you have, but if not, it is horribly insecure. The other thing I would recommend if you'd prefer not doing that would be to downgrade to a version of that library before they added that code or to fork it and remove it. Finally, you could fork it and instruct guzzle to not use the curl handler, and use the PHP-native implementation which is slower, but may be fast enough for you. |
I was thinking more about this. Maybe Guzzle should only try and use it's curl handler by default if libcurl is at least 7.34. That may be enough to fix your issue. |
Guzzle version(s) affected: 7.6 to 7.8.1
PHP version: 8.2
cURL version: 7.21.3 to 7.33 (inclusive)
Description
The PHP constant
CURL_SSLVERSION_TLSv1_2
being used to check thecrypto_method
option does not exist until cURL version 7.34This results in the following error being thrown:
We have support for TLS v1.2 so this is not an accurate error:
The text was updated successfully, but these errors were encountered: