• WWW: PHP
  • Used CURL error:0A000152:SSL routines::unsafe legacy renegotiation disabled

When I used CURL in PHP, I encountered the following error.
"OpenSSL/3.0.13: error:0A000152:SSL routines::unsafe legacy renegotiation disabled"

I tried many methods, but none of them worked.

For example:
-- Setting CURL parameters in PHP
CURLOPT_SSL_OPTIONS => CURLSSLOPT_ALLOW_BEAST | CURLSSLOPT_NO_REVOKE

-- Setting OPENSSL_CONF in PHP
putenv("OPENSSL_CONF=/usr/home/{USER}/domains/{DOMAIN}/public_html/openssl.cnf");

--- OpenSSL.cnf file content

[system_default_sect]
Options = UnsafeLegacyServerConnect

Also tried
[system_default_sect]
[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2
#Options = UnsafeLegacyRenegotiation
Options = UnsafeLegacyServerConnect

Also tried
nodejs_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

None of them worked. How can I solve this problem?

Report the indicated error to the software provider you are trying to launch.

It may be a version problem. There is no problem in version 1.x, but there is a problem in version 3.0.x. I tested 3.3.1.x in the local environment and there is no problem.

    mt800 Can you share the example code to reproduce the problem?

    Thank you for your reply!
    I tested OpenSSL on the Windows platform.

    <?php
    $url = 'https://bufftoon.plaync.com/';

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSL_ENABLE_ALPN => true,
        CURLOPT_SSL_ENABLE_NPN => true,
        CURLOPT_SSL_OPTIONS => CURLSSLOPT_ALLOW_BEAST | CURLSSLOPT_NO_REVOKE,
    ]);
    $response = curl_exec($ch);

    if ($response === false) {
        $error = curl_error($ch);
        echo "cURL Error: " . $error;
    } else {
        // header('Content-Type: application/json');
        echo $response;
    }
    curl_close($ch);
    ?>

    Error message: cURL Error: OpenSSL/3.0.13: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

      mt800 Thanks for the example.

      I can confirm that curl/openssl has by default disabled unsafe legacy renegotiation

      $ curl -I "https://bufftoon.plaync.com"
      curl: (35) OpenSSL/3.0.13: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

      The workaround for now is to create your own openssl.cnf:

      openssl_conf = openssl_init
      
      [openssl_init]
      ssl_conf = ssl_sect
      
      [ssl_sect]
      system_default = system_default_sect
      
      [system_default_sect]
      Options = UnsafeLegacyServerConnect

      Using the new OpenSSL config with curl fixes the issue:

      $ OPENSSL_CONF=~/openssl.cnf curl -I "https://bufftoon.plaync.com"
      HTTP/1.1 200 OK
      X-Powered-By: Express
      Content-Type: application/json; charset=utf-8
      Content-Length: 12
      ETag: W/"c-QETVAhUYmmve97quvZif9EL6tqM"
      Date: Sun, 07 Jul 2024 13:51:01 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5

      You can apply a similar solution to your PHP code.

      Thank you for your reply!
      How do I do this using PHP code? Thanks for knowing!
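
Added example, not part of the thread and not code from any poster: a small Python tracer that follows the section chain `openssl_conf` -> `ssl_conf` -> `system_default` -> `Options` through the three configs in the question and the one in the reply, and reports the first missing link. The function names and the simplified parsing (no `.include`, no variable expansion) are assumptions of this example.

```python
# Added example: trace the chain OpenSSL follows to reach "Options" (simplified parser).

def parse_cnf(text):
    """Return {section: {key: value}}; keys before any [section] go in 'default'."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})   # a repeated header reuses the section
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def trace_options(text, app_key="openssl_conf"):
    """Follow app_key -> ssl_conf -> system_default; return (ok, detail)."""
    cnf = parse_cnf(text)
    section = "default"
    for key in (app_key, "ssl_conf", "system_default"):
        target = cnf.get(section, {}).get(key)
        if target is None:
            return False, f"no '{key}' in [{section}]"
        if target not in cnf:
            return False, f"[{target}] named by '{key}' is not defined"
        section = target
    options = cnf[section].get("Options")
    if options is None:
        return False, f"no 'Options' in [{section}]"
    return True, [o.strip() for o in options.split(",")]

# Configs transcribed from the thread: three attempts from the question, then the reply.
ATTEMPT_1 = "[system_default_sect]\nOptions = UnsafeLegacyServerConnect\n"
ATTEMPT_2 = ("[system_default_sect]\n[ssl_sect]\nsystem_default = system_default_sect\n"
             "[system_default_sect]\nCipherString = DEFAULT:@SECLEVEL=2\n"
             "#Options = UnsafeLegacyRenegotiation\nOptions = UnsafeLegacyServerConnect\n")
ATTEMPT_3 = ("nodejs_conf = openssl_init\n[openssl_init]\nssl_conf = ssl_sect\n"
             "[ssl_sect]\nsystem_default = system_default_sect\n"
             "[system_default_sect]\nOptions = UnsafeLegacyRenegotiation\n")
REPLY = ATTEMPT_3.replace("nodejs_conf", "openssl_conf").replace(
    "UnsafeLegacyRenegotiation", "UnsafeLegacyServerConnect")

if __name__ == "__main__":
    for name, text in [("attempt 1", ATTEMPT_1), ("attempt 2", ATTEMPT_2),
                       ("attempt 3", ATTEMPT_3), ("reply", REPLY)]:
        print(name, "->", trace_options(text))
```

The tracer checks only how the file is wired; it does not show whether a given PHP process actually reads the file named in `OPENSSL_CONF`.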
