The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Change the SSL Version of curl in PHP to NSS/3.21 Basic ECC

Discussion in 'EasyApache' started by DWHS.net, May 31, 2016.

  1. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    I have a customer that needs to update their Curl protocol for their merchant account.

    They have to change the SSL Version of the curl in PHP to NSS/3.21 Basic ECC.

    This doesn't happen to have a /scripts updater or can be done in Easyapache does it?
     
  2. twhiting9275

    twhiting9275 Well-Known Member

    Joined:
    Sep 26, 2002
    Messages:
    538
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,
    If you're using cPanel, you're using Redhat/CentOS . This software is maintained by the package distribution system, so you should be able to just run the following

    Code:
    yum -y update
    
    to update curl itself

    Once you do that, re-run easyapache and the rest should be good.

    If it doesn't show that specific version, the vendor may be after a bit more than can be done. In most cases like this, you can simply tell them that you're using redhat and the version is up to date. Just make sure that it actually is first :)
     
  3. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    Thanks, I really hoping someone might have some insight. I tired and am waiting for the customer to see if it worked. :)
     
  4. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    Oh darn, they said it didn't work. The error goes like this from Paypal:
    Code:
    Making new connection to 'api-3t.sandbox.paypal.com/nvp'
    Connect with CURL method successful
    <b>Sending this params:</b>
    METHOD=SetExpressCheckout&VERSION=124&PWD=HYAS7FB9Q6BB6JEF&USER=someusername_api1.gmail.com&SIGNATURE=An5ns1Kso7MWUdW4ErQKJJJ4qi4-AchMnpzWLS7qKAj70oo.XFuJ2XIR&CANCELURL=https%3A%2F%2Fwww.example.com%2Fen%2Fquick-order%3Fpaypal_ec_canceled%3D1%26&RETURNURL=https%3A%2F%2Fwww.example.com%2Fmodules%2Fpaypal%2Fexpress_checkout%2Fpayment.php&NOSHIPPING=0&BUTTONSOURCE=PSAPAC_PRESTASHOP_EC&L_PAYMENTREQUEST_0_NUMBER0=28&L_PAYMENTREQUEST_0_NAME0=Chu%21+1&L_PAYMENTREQUEST_0_DESC0=keywordds...&L_PAYMENTREQUEST_0_AMT0=2.02&L_PAYMENTREQUEST_0_QTY0=1&L_PAYMENTREQUEST_0_NUMBER1=361&L_PAYMENTREQUEST_0_NAME1=keywords+&L_PAYMENTREQUEST_0_DESC1=keywords...&L_PAYMENTREQUEST_0_AMT1=32.37&L_PAYMENTREQUEST_0_QTY1=1&PAYMENTREQUEST_0_PAYMENTACTION=Sale&PAYMENTREQUEST_0_CURRENCYCODE=EUR&PAYMENTREQUEST_0_SHIPPINGAMT=13.59&PAYMENTREQUEST_0_ITEMAMT=34.39&PAYMENTREQUEST_0_AMT=47.98&ADDROVERRIDE=0&EMAIL=example&PAYMENTREQUEST_0_SHIPTONAME=example&PAYMENTREQUEST_0_SHIPTOPHONENUM=065208618&PAYMENTREQUEST_0_SHIPTOSTREET=19+rue+du+gout&PAYMENTREQUEST_0_SHIPTOSTREET2=&PAYMENTREQUEST_0_SHIPTOCITY=Angers&PAYMENTREQUEST_0_SHIPTOSTATE=AK&PAYMENTREQUEST_0_SHIPTOCOUNTRYCODE=US&PAYMENTREQUEST_0_SHIPTOZIP=49100&SOLUTIONTYPE=Sole&LANDINGPAGE=Login&USER=example.gmail.com&PWD=xxxx&SIGNATURE=xxxx-xxxx
    Send with CURL method failed ! Error: Unsupported SSL protocol version
    Connect failed with fsockopen method
    
     
    #4 DWHS.net, Jun 3, 2016
    Last edited by a moderator: Jun 3, 2016
  5. twhiting9275

    twhiting9275 Well-Known Member

    Joined:
    Sep 26, 2002
    Messages:
    538
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
  6. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    That would be great, I changed everything to the recommended PCI protocol CPanel gives but we still have the issue. I read both pages but neither say the correct cipher.

    Does anyone happen to know what the exact SSL Cipher is? We use this one now.

    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
     
  7. twhiting9275

    twhiting9275 Well-Known Member

    Joined:
    Sep 26, 2002
    Messages:
    538
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    The defaults should work:
    Code:
    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    
     
  8. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    Nope, still at square one. None of this helped but thanks for trying! You would think, something that is mandatory now would have an easy way to do it. I guess it's just too hard for the coders.

    Just wish CPanel would somehow be able to update itself when important new things come about.
     
  9. twhiting9275

    twhiting9275 Well-Known Member

    Joined:
    Sep 26, 2002
    Messages:
    538
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    What OS / Version are you using? I have yet to have any problems with those settings
     
  10. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    Centos6, Latest Cpanel, easy Apache, All standard stuff.
     
  11. twhiting9275

    twhiting9275 Well-Known Member

    Joined:
    Sep 26, 2002
    Messages:
    538
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    There should be no reason you're failing that test then, unless the script itself is out of date.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    cURL is provided by your operating system (e.g. CentOS/RHEL), however there is a feature request for what you are seeking at:

    Update to latest curl

    The following thread offers instructions on how to manually compile your own version of cURL when using EasyApache 3:

    cURL with AsynchDNS

    Thank you.
     
Loading...

Share This Page