cURL त्रुटि 35:

Question

मैं एक PHP घटक SSL के माध्यम से एक अनुरोध करने वाला URI कर्ल का उपयोग करता है से निम्न त्रुटि में चल रहा gnutls_handshake() विफल:

cURL error 35: gnutls_handshake() failed: A TLS packet with unexpected length was received. 

यह त्रुटि travis-ci.org वातावरण में होता है , लेकिन हमारे किसी भी परीक्षण वातावरण में नहीं। ट्रेविस-सीआई बिल्ड 144663700 देखें।

मुझे पता चला है कि ट्रैविस कार्यकर्ता में चल रहे PHP संस्करण को "उबंटू 12.04.5 एलटीएस" पर "जीएनयूटीएलएस/2.12.14" या "यूएनंटू 14.04.3" पर "जीएनयूटीएलएस/2.12.23" पर फिर से संकलित किया गया है LTS "।

हमारे विकास के वातावरण में, हम मानक संकुल डेबियन (विभिन्न संस्करणों) पर "OpenSSL/1.0.1t" के खिलाफ संकलित का उपयोग करें।

इसलिए, मुझे लगता है कि समस्या "जीएनयूटीएलएस/2.12.14" या "जीएनयूटीएलएस/2.12.23" या उन पैरामीटर से संबंधित है जिनके साथ उन्हें संकलित किया गया है।

मैं कर्ल निरंतर CURLOPT_SSLVERSION साथ एसएसएल संस्करणों सीमित की कोशिश की है, लेकिन यह समस्या का समाधान नहीं है।

www.ssllabs.com सवाल में मेजबान के अनुसार - api.reporting.cloud - TLS 1.2, TLS 1.1 और TLS 1.0 का समर्थन करता है।

किसी को भी मेरे लिए किसी भी संकेत या संकेत है?

Answer 1

मैं इस mailing list में समस्या का समाधान मिल गया:

The server doesn't like something in the TLS 1.2 support of gnutls 2.12 since if you disable it, it seems to work. The same server works with gnutls 3.2 and the only difference in the client hello of the two versions is that gnutls 3.2 has more features enabled.

मैं उपयोग कर रहा हूँ "GNUTLS-CLI (GNUTLS) 2.12.23" (उपयोग करने के लिए आवश्यक)।

निम्नलिखित रिटर्न ऊपर उल्लिखित त्रुटि:

gnutls-cli --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" api.reporting.cloud 

फिर भी, के लिए मजबूर "TLS 1.1" या "TLS 1.0", उम्मीद के रूप में वापस:

gnutls-cli --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" api.reporting.cloud 
gnutls-cli --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" api.reporting.cloud 

अगले कदम इस सेटिंग को बनाने के लिए है PHP से CURL (दोषपूर्ण लाइब्रेरी संस्करण के विशिष्ट मामले में) से।

Answer 2

पीएचपी में, यह SSL प्रोटोकॉल कि कर्ल CURL_SSLVERSION_ * स्थिरांक के साथ उपयोग करता है को नियंत्रित करने के लिए संभव है।

की स्थापना करके:

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); 

मैं "TLS 1.1" का उपयोग करने कर्ल मजबूर कर सकते हैं।

की स्थापना करके:

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); 

मैं "TLS 1.0" का उपयोग करने कर्ल मजबूर कर सकते हैं।

सभी संभव एसएसएल प्रोटोकॉल का परीक्षण करने के लिए, मैं निम्नलिखित स्क्रिप्ट है, जो तब ट्रैविस-ci द्वारा निष्पादित किया जाता है बनाया:

<?php 

$sslVersions = [ 
    CURL_SSLVERSION_DEFAULT, 
    CURL_SSLVERSION_TLSv1, 
    CURL_SSLVERSION_TLSv1_0, 
    CURL_SSLVERSION_TLSv1_1, 
    CURL_SSLVERSION_TLSv1_2, 
    CURL_SSLVERSION_SSLv2, 
    CURL_SSLVERSION_SSLv3, 
]; 

var_dump(curl_version()); 

foreach ($sslVersions as $sslVersion) { 

    $uri = "https://api.reporting.cloud"; 

    printf("Trying %d", $sslVersion); 
    echo PHP_EOL; 

    $ch = curl_init($uri); 

    curl_setopt($ch, CURLOPT_VERBOSE  , true); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1); 
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , 0); 
    curl_setopt($ch, CURLOPT_TIMEOUT  , 2); 
    curl_setopt($ch, CURLOPT_SSLVERSION  , $sslVersion); 

    if (curl_exec($ch) === false) { 
     var_dump(curl_error($ch)); 
    } else { 
     curl_close($ch); 
    } 

    echo PHP_EOL; 
    echo PHP_EOL; 

} 

exit(1); 

मेरे विकास के वातावरण में इस स्क्रिप्ट का आउटपुट है:

array(9) { 
    ["version_number"]=> 
    int(468480) 
    ["age"]=> 
    int(3) 
    ["features"]=> 
    int(182173) 
    ["ssl_version_number"]=> 
    int(0) 
    ["version"]=> 
    string(6) "7.38.0" 
    ["host"]=> 
    string(19) "x86_64-pc-linux-gnu" 
    ["ssl_version"]=> 
    string(14) "OpenSSL/1.0.1t" 
    ["libz_version"]=> 
    string(5) "1.2.8" 
    ["protocols"]=> 
    array(21) { 
    [0]=> 
    string(4) "dict" 
    [1]=> 
    string(4) "file" 
    [2]=> 
    string(3) "ftp" 
    [3]=> 
    string(4) "ftps" 
    [4]=> 
    string(6) "gopher" 
    [5]=> 
    string(4) "http" 
    [6]=> 
    string(5) "https" 
    [7]=> 
    string(4) "imap" 
    [8]=> 
    string(5) "imaps" 
    [9]=> 
    string(4) "ldap" 
    [10]=> 
    string(5) "ldaps" 
    [11]=> 
    string(4) "pop3" 
    [12]=> 
    string(5) "pop3s" 
    [13]=> 
    string(4) "rtmp" 
    [14]=> 
    string(4) "rtsp" 
    [15]=> 
    string(3) "scp" 
    [16]=> 
    string(4) "sftp" 
    [17]=> 
    string(4) "smtp" 
    [18]=> 
    string(5) "smtps" 
    [19]=> 
    string(6) "telnet" 
    [20]=> 
    string(4) "tftp" 
    } 
} 
Trying 0 
* Rebuilt URL to: https://api.reporting.cloud/ 
* Hostname was NOT found in DNS cache 
* Trying 40.76.93.116... 
* Connected to api.reporting.cloud (40.76.93.116) port 443 (#0) 
* successfully set certificate verify locations: 
* CAfile: none 
    CApath: /etc/ssl/certs 
* SSL connection using TLSv1.2/ECDHE-RSA-AES256-SHA384 
* Server certificate: 
* subject: serialNumber=HRB 25927; 1.3.6.1.4.1.311.60.2.1.3=DE; businessCategory=Private Organization; C=DE; postalCode=28215; ST=Bremen; L=Bremen; street=Admiralstr. 54; O=Text Control GmbH; OU=ReportingCloud; OU=COMODO EV SSL; CN=api.reporting.cloud 
* start date: 2016-06-17 00:00:00 GMT 
* expire date: 2017-06-17 23:59:59 GMT 
* subjectAltName: api.reporting.cloud matched 
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Extended Validation Secure Server CA 
* SSL certificate verify ok. 
> GET/HTTP/1.1 
Host: api.reporting.cloud 
Accept: */* 

< HTTP/1.1 200 OK 
< Cache-Control: private 
< Content-Type: text/html; charset=utf-8 
* Server Microsoft-IIS/8.5 is not blacklisted 
< Server: Microsoft-IIS/8.5 
< X-AspNetMvc-Version: 5.2 
< X-AspNet-Version: 4.0.30319 
< X-Powered-By: ASP.NET 
< Date: Fri, 15 Jul 2016 14:22:40 GMT 
< Content-Length: 952 
< 
* Connection #0 to host api.reporting.cloud left intact 


Trying 1 
* Rebuilt URL to: https://api.reporting.cloud/ 
* Hostname was found in DNS cache 
* Trying 40.76.93.116... 
* Connected to api.reporting.cloud (40.76.93.116) port 443 (#0) 
* successfully set certificate verify locations: 
* CAfile: none 
    CApath: /etc/ssl/certs 
* SSL connection using TLSv1.2/ECDHE-RSA-AES256-SHA384 
* Server certificate: 
* subject: serialNumber=HRB 25927; 1.3.6.1.4.1.311.60.2.1.3=DE; businessCategory=Private Organization; C=DE; postalCode=28215; ST=Bremen; L=Bremen; street=Admiralstr. 54; O=Text Control GmbH; OU=ReportingCloud; OU=COMODO EV SSL; CN=api.reporting.cloud 
* start date: 2016-06-17 00:00:00 GMT 
* expire date: 2017-06-17 23:59:59 GMT 
* subjectAltName: api.reporting.cloud matched 
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Extended Validation Secure Server CA 
* SSL certificate verify ok. 
> GET/HTTP/1.1 
Host: api.reporting.cloud 
Accept: */* 

< HTTP/1.1 200 OK 
< Cache-Control: private 
< Content-Type: text/html; charset=utf-8 
* Server Microsoft-IIS/8.5 is not blacklisted 
< Server: Microsoft-IIS/8.5 
< X-AspNetMvc-Version: 5.2 
< X-AspNet-Version: 4.0.30319 
< X-Powered-By: ASP.NET 
< Date: Fri, 15 Jul 2016 14:22:40 GMT 
< Content-Length: 952 
< 
* Connection #0 to host api.reporting.cloud left intact 


Trying 4 
* Rebuilt URL to: https://api.reporting.cloud/ 
* Hostname was found in DNS cache 
* Trying 40.76.93.116... 
* Connected to api.reporting.cloud (40.76.93.116) port 443 (#0) 
* successfully set certificate verify locations: 
* CAfile: none 
    CApath: /etc/ssl/certs 
* SSL connection using TLSv1.0/ECDHE-RSA-AES256-SHA 
* Server certificate: 
* subject: serialNumber=HRB 25927; 1.3.6.1.4.1.311.60.2.1.3=DE; businessCategory=Private Organization; C=DE; postalCode=28215; ST=Bremen; L=Bremen; street=Admiralstr. 54; O=Text Control GmbH; OU=ReportingCloud; OU=COMODO EV SSL; CN=api.reporting.cloud 
* start date: 2016-06-17 00:00:00 GMT 
* expire date: 2017-06-17 23:59:59 GMT 
* subjectAltName: api.reporting.cloud matched 
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Extended Validation Secure Server CA 
* SSL certificate verify ok. 
> GET/HTTP/1.1 
Host: api.reporting.cloud 
Accept: */* 

< HTTP/1.1 200 OK 
< Cache-Control: private 
< Content-Type: text/html; charset=utf-8 
* Server Microsoft-IIS/8.5 is not blacklisted 
< Server: Microsoft-IIS/8.5 
< X-AspNetMvc-Version: 5.2 
< X-AspNet-Version: 4.0.30319 
< X-Powered-By: ASP.NET 
< Date: Fri, 15 Jul 2016 14:22:40 GMT 
< Content-Length: 952 
< 
* Connection #0 to host api.reporting.cloud left intact 


Trying 5 
* Rebuilt URL to: https://api.reporting.cloud/ 
* Hostname was found in DNS cache 
* Trying 40.76.93.116... 
* Connected to api.reporting.cloud (40.76.93.116) port 443 (#0) 
* successfully set certificate verify locations: 
* CAfile: none 
    CApath: /etc/ssl/certs 
* SSL connection using TLSv1.1/ECDHE-RSA-AES256-SHA 
* Server certificate: 
* subject: serialNumber=HRB 25927; 1.3.6.1.4.1.311.60.2.1.3=DE; businessCategory=Private Organization; C=DE; postalCode=28215; ST=Bremen; L=Bremen; street=Admiralstr. 54; O=Text Control GmbH; OU=ReportingCloud; OU=COMODO EV SSL; CN=api.reporting.cloud 
* start date: 2016-06-17 00:00:00 GMT 
* expire date: 2017-06-17 23:59:59 GMT 
* subjectAltName: api.reporting.cloud matched 
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Extended Validation Secure Server CA 
* SSL certificate verify ok. 
> GET/HTTP/1.1 
Host: api.reporting.cloud 
Accept: */* 

< HTTP/1.1 200 OK 
< Cache-Control: private 
< Content-Type: text/html; charset=utf-8 
* Server Microsoft-IIS/8.5 is not blacklisted 
< Server: Microsoft-IIS/8.5 
< X-AspNetMvc-Version: 5.2 
< X-AspNet-Version: 4.0.30319 
< X-Powered-By: ASP.NET 
< Date: Fri, 15 Jul 2016 14:22:41 GMT 
< Content-Length: 952 
< 
* Connection #0 to host api.reporting.cloud left intact 


Trying 6 
* Rebuilt URL to: https://api.reporting.cloud/ 
* Hostname was found in DNS cache 
* Trying 40.76.93.116... 
* Connected to api.reporting.cloud (40.76.93.116) port 443 (#0) 
* successfully set certificate verify locations: 
* CAfile: none 
    CApath: /etc/ssl/certs 
* SSL connection using TLSv1.2/ECDHE-RSA-AES256-SHA384 
* Server certificate: 
* subject: serialNumber=HRB 25927; 1.3.6.1.4.1.311.60.2.1.3=DE; businessCategory=Private Organization; C=DE; postalCode=28215; ST=Bremen; L=Bremen; street=Admiralstr. 54; O=Text Control GmbH; OU=ReportingCloud; OU=COMODO EV SSL; CN=api.reporting.cloud 
* start date: 2016-06-17 00:00:00 GMT 
* expire date: 2017-06-17 23:59:59 GMT 
* subjectAltName: api.reporting.cloud matched 
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Extended Validation Secure Server CA 
* SSL certificate verify ok. 
> GET/HTTP/1.1 
Host: api.reporting.cloud 
Accept: */* 

< HTTP/1.1 200 OK 
< Cache-Control: private 
< Content-Type: text/html; charset=utf-8 
* Server Microsoft-IIS/8.5 is not blacklisted 
< Server: Microsoft-IIS/8.5 
< X-AspNetMvc-Version: 5.2 
< X-AspNet-Version: 4.0.30319 
< X-Powered-By: ASP.NET 
< Date: Fri, 15 Jul 2016 14:22:41 GMT 
< Content-Length: 952 
< 
* Connection #0 to host api.reporting.cloud left intact 


Trying 2 
* Rebuilt URL to: https://api.reporting.cloud/ 
* Hostname was found in DNS cache 
* Trying 40.76.93.116... 
* Connected to api.reporting.cloud (40.76.93.116) port 443 (#0) 
* OpenSSL was built without SSLv2 support 
* Closing connection 0 
string(39) "OpenSSL was built without SSLv2 support" 


Trying 3 
* Rebuilt URL to: https://api.reporting.cloud/ 
* Hostname was found in DNS cache 
* Trying 40.76.93.116... 
* Connected to api.reporting.cloud (40.76.93.116) port 443 (#0) 
* successfully set certificate verify locations: 
* CAfile: none 
    CApath: /etc/ssl/certs 
* Unknown SSL protocol error in connection to api.reporting.cloud:443 
* Closing connection 0 
string(68) "Unknown SSL protocol error in connection to api.reporting.cloud:443 " 

यहां, हम स्पष्ट रूप से देख सकते हैं कि 'TLSv1.0 का उपयोग कर SSL कनेक्शन' बैकएंड सर्वर से सही ढंग से कनेक्ट हो रहा है।

हालांकि, निम्नलिखित में Travi-ci परिणामों पर एक ही स्क्रिप्ट चलाने:

PHP Notice: Use of undefined constant CURL_SSLVERSION_TLSv1_0 - assumed 'CURL_SSLVERSION_TLSv1_0' in /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php on line 7 
PHP Stack trace: 
PHP 1. {main}() /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php:0 

Notice: Use of undefined constant CURL_SSLVERSION_TLSv1_0 - assumed 'CURL_SSLVERSION_TLSv1_0' in /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php on line 7 

Call Stack: 
    0.0002  241400 1. {main}() /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php:0 

PHP Notice: Use of undefined constant CURL_SSLVERSION_TLSv1_1 - assumed 'CURL_SSLVERSION_TLSv1_1' in /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php on line 8 
PHP Stack trace: 
PHP 1. {main}() /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php:0 

Notice: Use of undefined constant CURL_SSLVERSION_TLSv1_1 - assumed 'CURL_SSLVERSION_TLSv1_1' in /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php on line 8 

Call Stack: 
    0.0002  241400 1. {main}() /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php:0 

PHP Notice: Use of undefined constant CURL_SSLVERSION_TLSv1_2 - assumed 'CURL_SSLVERSION_TLSv1_2' in /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php on line 9 
PHP Stack trace: 
PHP 1. {main}() /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php:0 

Notice: Use of undefined constant CURL_SSLVERSION_TLSv1_2 - assumed 'CURL_SSLVERSION_TLSv1_2' in /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php on line 9 

Call Stack: 
    0.0002  241400 1. {main}() /home/travis/build/TextControl/txtextcontrol-reportingcloud-php/demo/ssl-issue.php:0 

array(9) { 
    'version_number' => 
    int(464384) 
    'age' => 
    int(3) 
    'features' => 
    int(50749) 
    'ssl_version_number' => 
    int(0) 
    'version' => 
    string(6) "7.22.0" 
    'host' => 
    string(19) "x86_64-pc-linux-gnu" 
    'ssl_version' => 
    string(14) "GnuTLS/2.12.14" 
    'libz_version' => 
    string(7) "1.2.3.4" 
    'protocols' => 
    array(18) { 
    [0] => 
    string(4) "dict" 
    [1] => 
    string(4) "file" 
    [2] => 
    string(3) "ftp" 
    [3] => 
    string(4) "ftps" 
    [4] => 
    string(6) "gopher" 
    [5] => 
    string(4) "http" 
    [6] => 
    string(5) "https" 
    [7] => 
    string(4) "imap" 
    [8] => 
    string(5) "imaps" 
    [9] => 
    string(4) "ldap" 
    [10] => 
    string(4) "pop3" 
    [11] => 
    string(5) "pop3s" 
    [12] => 
    string(4) "rtmp" 
    [13] => 
    string(4) "rtsp" 
    [14] => 
    string(4) "smtp" 
    [15] => 
    string(5) "smtps" 
    [16] => 
    string(6) "telnet" 
    [17] => 
    string(4) "tftp" 
    } 
} 
Trying 0 
* About to connect() to api.reporting.cloud port 443 (#0) 
* Trying 40.76.93.116... * connected 
* found 164 certificates in /etc/ssl/certs/ca-certificates.crt 
* gnutls_handshake() failed: A TLS packet with unexpected length was received. 
* Closing connection #0 
string(76) "gnutls_handshake() failed: A TLS packet with unexpected length was received." 


Trying 1 
* About to connect() to api.reporting.cloud port 443 (#0) 
* Trying 40.76.93.116... * connected 
* found 164 certificates in /etc/ssl/certs/ca-certificates.crt 
* gnutls_handshake() failed: A TLS packet with unexpected length was received. 
* Closing connection #0 
string(76) "gnutls_handshake() failed: A TLS packet with unexpected length was received." 


Trying 0 
* About to connect() to api.reporting.cloud port 443 (#0) 
* Trying 40.76.93.116... * connected 
* found 164 certificates in /etc/ssl/certs/ca-certificates.crt 
* gnutls_handshake() failed: A TLS packet with unexpected length was received. 
* Closing connection #0 
string(76) "gnutls_handshake() failed: A TLS packet with unexpected length was received." 


Trying 0 
* About to connect() to api.reporting.cloud port 443 (#0) 
* Trying 40.76.93.116... * connected 
* found 164 certificates in /etc/ssl/certs/ca-certificates.crt 
* gnutls_handshake() failed: A TLS packet with unexpected length was received. 
* Closing connection #0 
string(76) "gnutls_handshake() failed: A TLS packet with unexpected length was received." 


Trying 0 
* About to connect() to api.reporting.cloud port 443 (#0) 
* Trying 40.76.93.116... * connected 
* found 164 certificates in /etc/ssl/certs/ca-certificates.crt 
* gnutls_handshake() failed: A TLS packet with unexpected length was received. 
* Closing connection #0 
string(76) "gnutls_handshake() failed: A TLS packet with unexpected length was received." 


Trying 2 
* About to connect() to api.reporting.cloud port 443 (#0) 
* Trying 40.76.93.116... * connected 
* GnuTLS does not support SSLv2 
* Closing connection #0 
string(29) "GnuTLS does not support SSLv2" 


Trying 3 
* About to connect() to api.reporting.cloud port 443 (#0) 
* Trying 40.76.93.116... * connected 
* found 164 certificates in /etc/ssl/certs/ca-certificates.crt 
* gnutls_handshake() failed: A TLS packet with unexpected length was received. 
* Closing connection #0 
string(76) "gnutls_handshake() failed: A TLS packet with unexpected length was received." 

मैं यह भी देखा कि स्थिरांक CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1 और CURL_SSLVERSION_TLSv1_2 पर ट्रैविस-ci के पीएचपी 5.6, और न ही पीएचपी 7 उपलब्ध नहीं हैं संस्करणों।

सारांशित करने के लिए, मैंने सभी संभावित CURL_SSLVERSION_ * स्थिरांक के माध्यम से looped किया है और एक भी मुझे ट्रैविस-सीआई पर api.reporting.cloud से कनेक्ट करने की अनुमति नहीं देता है, भले ही मैं किस PHP संस्करण का उपयोग करता हूं।

क्या किसी के पास कोई सुझाव है कि मैं travis-ci से api.reporting.cloud से कैसे कनेक्ट कर सकता हूं?

Answer 3

इस समस्या का समाधान मानक उबंटू ट्रस्टी php5-cli और php5-curl संकुल का उपयोग करने के लिए ट्रैविस-सीआई को कॉन्फ़िगर करना है। मानक पैकेज CURL_SSLVERSION_TLSv1_1 निरंतर प्रदान करते हैं।

.travis.yml फ़ाइल इस तरह दिखता है:

sudo: required 

dist: trusty 

language: php 

before_install: 
    - sudo apt-get -y install git zip php5-cli php5-curl 

before_script: 
    - php -r "printf('PHP %s', phpversion());" 
    - composer self-update 
    - composer install --no-interaction 

script: 
    - mkdir -p ./build/logs 
    - ./vendor/bin/phpunit 

पीएचपी स्रोत में, यह तो बस PHP कोड के मामले में ऊपर उल्लिखित निरंतर निर्धारित करने की बात ट्रैविस-ci द्वारा निष्पादित किया जा रहा है :

if (getenv('TRAVIS')) { 
    $options['curl'][CURLOPT_SSLVERSION] = CURL_SSLVERSION_TLSv1_1; 
} 

इस तरीके को नुकसान यह है कि यह केवल विशिष्ट PHP संस्करण कि उबंटू भरोसेमंद प्रदान करता है (पीएचपी 5.5) पर काम करता है। 10 जुलाई, 2016 को PHP 5.5 को जीवन के अंत तक पहुंचा, यह समाधान स्वीकार्य नहीं है।

ट्रैविस-ci 28 फरवरी, 2016 को उबंटू 16.04 LTS, लेकिन ब्रैंडन बर्टन, ट्रैविस-ci wrote में आधारभूत संरचना प्रबंधक अद्यतन करने के लिए के लिए यह आदर्श होगा:

Given that, we are currently focused on support 12.04 and 14.04 as our primary environments. At the moment, it is unlikely that we'll be supporting 16.04 as a native environment this year.

इसलिए, यह प्रतीत होता है हम कर रहे हैं थोड़ी देर के लिए उबंटू ट्रस्टी के साथ फंस गया।

इस समस्या की जड़ यह है कि ट्रैविस-सीआई पर चलने वाले PHP संस्करण को 2011 से gnutls-cli (gnuTLS) 2.12.23 के साथ संकलित किया गया था। Gnutls-cli के इस विशिष्ट संस्करण में कुछ (लेकिन नहीं सब) टीएलएस 1.2 कनेक्शन।

@ ट्रैविस-सीआई: जीएनयूटीएलएस के एक और आधुनिक संस्करण के खिलाफ उपयोग किए जाने वाले PHP संस्करणों को फिर से संकलित करना संभव होगा - या कम से कम एक जो टीएलएस 1.2 का बेहतर समर्थन करता है?