osx 10.10 Curl POST to HTTPS url gives SSLRead() error
Solution 1:
I've seen this error happen when php is compiled with a version of cURL that uses Apple's Secure Transport under Yosemite and the target of the URL request doesn't support SSLv3 (which was probably disabled due to the POODLE vulnerability). What is the output of this command?
$ php -i | grep "SSL Version"
I suspect you'll see this:
SSL Version => SecureTransport
You can overcome this by installing a version of php which uses a version of cURL which uses OpenSSL instead of SecureTransport. This is most easily done with homebrew. So install that first if you don't already have it. If homebrew is installed but you haven't run brew update
since upgrading to Yosemite, do that first. Also make sure you've installed XCode >= 6.1 and the latest XCode command line tools. brew doctor
will tell you if you've done it all right.
Add the Homebrew taps below that you will need in order to get brewed php installed. Skip this step if these repos are already tapped. If you're unsure if these repos are already tapped, just run the commands below. Worst case scenario, you'll get a harmless Warning: Already tapped!
$ brew tap homebrew/dupes
$ brew tap homebrew/versions
$ brew tap homebrew/php
Then install curl with openssl:
$ brew install --with-openssl curl
Then install php using the curl you just installed and brewed openssl:
$ brew install --with-homebrew-curl --with-httpd24 php55
if using apache, make sure to add
LoadModule php5_module /usr/local/opt/php55/libexec/apache2/libphp5.so
to your/etc/apache2/httpd.conf
and restart apache.if not using apache 2.4, you can remove
--with-httpd24
from the above command.-
if using nginx, follow the caveat instuctions for starting fpm:
To launch php-fpm on startup:
mkdir -p ~/Library/LaunchAgents cp /usr/local/opt/php55/homebrew.mxcl.php55.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.php55.plist
Install any php extensions you're going to need eg. mcrypt
.
$ brew install php55-mcrypt
After you're done, run this again:
$ php -i | grep "SSL Version"
And you should see:
SSL Version => OpenSSL/1.0.2h
And now, re-test your application and the SSLRead() return error -9806
should go away.
Solution 2:
This SSL error (OSStatus code: 9806) means that your connection is terminated by the server due to an error in establishing the connection (e.g. on some invalid command). This seems to happens only on occasions when the SSL connection to remote host drops in between.
This is not well documented by SSL manual (SSL_get_error
), however this error message comes from libcurl
built which is used by the SecureTransport/Darwinssl TLS backend (you can find its OSStatus in SecureTransport.h
header file):
errSSLClosedAbort = -9806, /* connection closed via error */
From my experience, this usually happens when you're behind the proxy or connected to a limited network which uses authentication mechanism.
So please verify that you're connected to the right network (via WiFi) and your other HTTPS works correctly. If not, check if you need to specify proxy credentials or your ISP is overriding the certificate chain and requires some kind of authentication or it's basically blocking access to certain sites in their firewall.
Solution 3:
I had a similar issue with SSLRead() return error -9806
error, and also I had SSL Version => SecureTransport
.
But in my case the problem was that I was setting curl CURLOPT_HTTP_VERSION
option:
$curl = curl_init();
curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
If you remove that option, cURL will decide which version to use by default. Check curl_setopt documentation for more.
That worked for me, and I didn't need to change anything with cURL nor PHP. But this is a solution of one of many cases where error -9806
appears.