[root@vagrant-centos65 you-get]# curl -v https://api.xxx.cn * About to connect() to api.xxx.cn port 443 (#0) * Trying 123.xxx.xx.xx... connected * Connected to api.xxx.cn (123.xxx.xx.xx) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12286 * Closing connection #0 * SSL connect error curl: (35) SSL connect error [root@vagrant-centos65 you-get]# curl --version curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
asked Apr 22, 2016 at 7:18
If updating cURL doesn’t fix it, updating NSS should do the trick.
mwfearnley
3,1372 gold badges31 silver badges35 bronze badges
answered Dec 1, 2016 at 18:35
4
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
You are using a very old version of curl.
My guess is that you run into the bug described 6 years ago. Fix is to update your curl.
answered Apr 22, 2016 at 9:05
Steffen UllrichSteffen Ullrich
110k10 gold badges129 silver badges167 bronze badges
1
If you are using curl versions curl-7.19.7-46.el6.x86_64 or older. Please provide an option as -k1 (small K1).
answered Feb 3, 2017 at 13:47
1
What if your cURL requests cannot connect your Website using SSL, isn’t it frustrating?
Usually, PHP cURL SSL connect error 35 occur due to version mismatch or outdated cURL package.
At Bobcares, we often get requests to fix SSL cURL errors, as a part of our Server Management Services.
Today, let’s see how our Support Engineers fix PHP cURL SSL connect error 35 for our customers.
What is PHP curl SSL connect error 35?
Before getting deeper into the error, firstly let’s understand what is PHP cURL.
cURL stands for Client for URL. Usually, PHP uses cURL to connect to the specified website URL. Here we are discussing cURL request to an SSL website.
In many situations, when a server tries to connect to an SSL website, the cURL request ends up in an error message.
cURL error (35): SSL connect error.The error message denotes that there is an error somewhere in SSL/TLS handshake. In short, the cURL error code 35 denotes an SSL connection error.
The error can be due to an outdated cURL package, connection errors or else a version mismatch between the PHP cURL and SSL protocol of the end server.
A sample error at a Drupal website will show up as:
How we fix the PHP cURL SSL connect error?
So far, we have seen what is PHP cURL SSL connect error. Our Dedicated Engineers with expertise over a decade usually fix this error for our customers.
As the first step of troubleshooting, we check the webserver log.
It gives a detailed summary of all the SSL/TLS handshakes. From this data, our experts find the exact reason for the timeout.
1. SSL protocol of destination site
In most cases, errors will be with the PHP cURL versions in the server.
For instance, the command-line cURL may be using the latest version and the SSL protocol may be outdated.
Meanwhile, if the server tries to connect to an endpoint with an older SSL protocol, it fails and ends up in cURL error 35. This is particularly applicable with outdated SSL protorcols like SSLv2, SSLv3.
So, we check the versions of the cURL and SSL protocol. Later, if there is any version mismatch, our Support Engineers update it to the latest.
2. Outdated cURL package
Similarly, an outdated cURL package in the servers shows up the SSL connect error. In this case, our Support Engineers check the cURL version in the server.
rpm -qa | grep curlThis command gives the currently used cURL version in the server.
Later, we update the cURL package to the latest version. After that, we update the Network Security Services (NSS) package on the server using:
yum update -y nssThis fixes the package and the error does not show up again.
3. Customizing cURL configuration
Some customers customize the cURL settings on the server. However, improper setting of the PHP cURL configuration file leads to error 35.
In such cases, our Support Team check the configuration file and correct it.
Here, we first confirm the availability of cURL module support for PHP with the command:
php -i | grep -i curlFor example, the correct settings appear as:
/etc/php.d/curl.ini,
curl
cURL support => enabled
cURL Information => 7.66.0We also ensure that the website uses the correct PHP version with cURL support.
4. Firewall restrictions
In many cases, the cURL SSL error can happen due to firewall restrictions on the server too. For example, when network administrators ban SSL connections, none of the data transactions to or from the server happens.
Thus, we always check the firewall on the server and ensure that the server accepts SSL port connections from selected APIs and networks.
[Still having trouble in fixing PHP cURL SSL connect error? – We’ll fix it for you.]
Conclusion
In short, PHP cURL SSL connect error 35 usually occur due to version mismatch of cURL and SSL, outdated cURL package, firewall restrictions and so on. Today, we also saw how our Support Engineers fix this error for our customers.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
Comments
bagder
added a commit
that referenced
this issue
Nov 12, 2018
bagder
added a commit
that referenced
this issue
Nov 13, 2018
bagder
added a commit
that referenced
this issue
Dec 2, 2018
Reported-by: Paul Howarth
Fixes #3261
pghmcfc
added a commit
to pghmcfc/curl
that referenced
this issue
Dec 3, 2018
NSS may be built without support for the latest SSL/TLS versions,
leading to "SSL version range is not valid" errors when the library
code supports a recent version (e.g. TLS v1.3) but it has explicitly
been disabled.
This change adjusts the maximum SSL version requested by libcurl to
be the maximum supported version at runtime, as long as that version
is at least as high as the minimum version required by libcurl.
Fixes curl#3261
pghmcfc
added a commit
to pghmcfc/curl
that referenced
this issue
Dec 4, 2018
NSS may be built without support for the latest SSL/TLS versions,
leading to "SSL version range is not valid" errors when the library
code supports a recent version (e.g. TLS v1.3) but it has explicitly
been disabled.
This change adjusts the maximum SSL version requested by libcurl to
be the maximum supported version at runtime, as long as that version
is at least as high as the minimum version required by libcurl.
Fixes curl#3261
lock
bot
locked as resolved and limited conversation to collaborators
Mar 5, 2019
cURL connects with the website using SSL – This is a usual process between the server and you! Sometimes, it will show an error by saying cURL isn’t connecting with your website. And, you need to search for the solution right now! We’ll give you some guess maybe the package of cURL is outdated or mismatch version of PHP.
What exactly is cURL? It is nothing but “Client for URL”! Yes, PHP takes the responsibility to connect cURL with your website using SSL. Whenever the server takes the first step to getting connected with the SSL website it retrieves a message of error saying
Code:
cURL error (35): SSL connect error.Maybe the handshake of TLS or SSL is the reason behind this error.
Let’s confirm this error in detail:
The error you got with the number is 35 and it says SSL is not ready for connection. Check the package of cURL and the version in-between protocol of SSL and cURL PHP.
Let’s start the fix by referring to the webserver log – The webserver log gives a detailed explanation on handshake of TLS or SSL.
- Destination website SSL protocol:
Most of the error hits gives in versions of PHP cURL. The outdated SSL protocol and the new version of the cURL command line will revert with error. In case, the server itself tries to get connected with the old format of SSL protocol of course it gives you an error 35. Whatever may the versions of SSLv3 and SSLv2 you will get the result as error 35.
Solution: Update the latest package of SSL protocol and cURL for better results.
- cURL outdated package:
As said before, another reason behind error 35 is the outdated package of Client for URL. Check the cURL version using the below-mentioned command:
This command will give the result of the current version you using up. After the check, you can move on with the new version of cURL. Once if you update the new version of cURL then start update on NSS (Network Security Services) using the below-mentioned command:
By now, you won’t be visible with error 35.
Solutions: Check the package of cURL and make it according to the current situation!
- Configuration of customized cURL:
Most of the users do customization of cURL frequently. In case, if the settings of cURL are wrong it may end up with error 35.
Use the below-mentioned command for checking the settings of cURL:
If the setting is correct please confirm it by below results:
Code:
/etc/php.d/curl.ini,
curl
cURL support => enabled
cURL Information => 7.66.0Here, the version is correct so, no more error 35.
Solution: Check the current version of cURLand configuration settings too!
- Restrictions in the firewall:
Due to the restrictions made in the firewall, error 35 occurs with the compact reason of cURL and SSL protocol. The server doesn’t respond to anything if the administrator of the network bans SSL connections. You can’t get any response from the server in and out.
Solution: Do check on the server activity whether it accepts the connection of SSL only from the chosen network and APIs.
We have given you more steps and analysis for cURL can’t connect with SSL connections. I Hope, you might get an idea for improper connections between cURL and SSL protocol. Look out our solutions deep to figure out current scenarios. We have depicted the nature of cURL customization and SSL protocol activity. Guess it gives a way for the fix!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
Statistics
The technical storage or access that is used exclusively for statistical purposes.
The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
If sending is not working as expected and you see this error message displayed when checking your task scheduler connection, it means something is preventing your emails to be sent.
The cURL error 35 can appear when the cURL function cannot connect to your website using SSL.
Curl often uses a different set of certificates, shipped with PHP. There are several things that can cause this problem, in most cases updating both cURL and PHP to a newer version will resolve this issue.
If this doesn’t resolve the problem, please contact your web hosting company, as they can check why cURL is having issues.
Did this answer your question?
Thanks for the feedback
There was a problem submitting your feedback. Please try again later.
Last updated on June 10, 2020