Home » Php » php – curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to domain.com:443

php – curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to domain.com:443

Posted by: admin July 12, 2020 Leave a comment

Questions:

I’m hitting my curl on ubuntu terminal and getting this response curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to domain.com:443 . I really can’t understand why it happens. I tried to show curl’s error number but it did not revert any no. I am hitting another server. Below is my command :

./curl -i --tlsv1.2 -kv -H "Content-Type: application/xml" --verbose -X POST --data /var/www/html/xml.xml --cacert /root/curl_ssl/curl-7.54.1/src/cert_org.crt domain.com/otp

Please suggest some help.

How to&Answers:

For sites that use the old SSL protocol, this error may occur with CURL on Linux. According to the SSL/TLS protocol specification, the reason may be that the client hello uses the support group option that is not supported by the peer.
The solution is to use sslscan for probing and get the protocol version and cipher suite supported by the peer.
SSLscan (Github)

Answer:

The problem is that the site supports only ciphers that are no longer considered secure, i.e. ciphers based on 3DES and RC4. The default ciphers in the ssl library do not include these ciphers for security reasons.

To add support for these ciphers, you can manually set the default cipher Suite. The next line sets DES-CBC3-SHA as the proposed cipher.

curl --cipher DES-CBC3-SHA <your parameters>

Use this for all sites is not safe.
Note that this option should only be used for this legacy site.