Change the SSL Version of curl in PHP to NSS/3.21 Basic ECC

twhiting9275

Well-Known Member
Sep 26, 2002
560
28
178
cPanel Access Level
Root Administrator
Twitter
Hello,
If you're using cPanel, you're using Redhat/CentOS . This software is maintained by the package distribution system, so you should be able to just run the following

Code:
yum -y update
to update curl itself

Once you do that, re-run easyapache and the rest should be good.

If it doesn't show that specific version, the vendor may be after a bit more than can be done. In most cases like this, you can simply tell them that you're using redhat and the version is up to date. Just make sure that it actually is first :)
 

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,725
28
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
Oh darn, they said it didn't work. The error goes like this from Paypal:
Code:
Making new connection to 'api-3t.sandbox.paypal.com/nvp'
Connect with CURL method successful
<b>Sending this params:</b>
METHOD=SetExpressCheckout&VERSION=124&PWD=HYAS7FB9Q6BB6JEF&USER=someusername_api1.gmail.com&SIGNATURE=An5ns1Kso7MWUdW4ErQKJJJ4qi4-AchMnpzWLS7qKAj70oo.XFuJ2XIR&CANCELURL=https%3A%2F%2Fwww.example.com%2Fen%2Fquick-order%3Fpaypal_ec_canceled%3D1%26&RETURNURL=https%3A%2F%2Fwww.example.com%2Fmodules%2Fpaypal%2Fexpress_checkout%2Fpayment.php&NOSHIPPING=0&BUTTONSOURCE=PSAPAC_PRESTASHOP_EC&L_PAYMENTREQUEST_0_NUMBER0=28&L_PAYMENTREQUEST_0_NAME0=Chu%21+1&L_PAYMENTREQUEST_0_DESC0=keywordds...&L_PAYMENTREQUEST_0_AMT0=2.02&L_PAYMENTREQUEST_0_QTY0=1&L_PAYMENTREQUEST_0_NUMBER1=361&L_PAYMENTREQUEST_0_NAME1=keywords+&L_PAYMENTREQUEST_0_DESC1=keywords...&L_PAYMENTREQUEST_0_AMT1=32.37&L_PAYMENTREQUEST_0_QTY1=1&PAYMENTREQUEST_0_PAYMENTACTION=Sale&PAYMENTREQUEST_0_CURRENCYCODE=EUR&PAYMENTREQUEST_0_SHIPPINGAMT=13.59&PAYMENTREQUEST_0_ITEMAMT=34.39&PAYMENTREQUEST_0_AMT=47.98&ADDROVERRIDE=0&EMAIL=example&PAYMENTREQUEST_0_SHIPTONAME=example&PAYMENTREQUEST_0_SHIPTOPHONENUM=065208618&PAYMENTREQUEST_0_SHIPTOSTREET=19+rue+du+gout&PAYMENTREQUEST_0_SHIPTOSTREET2=&PAYMENTREQUEST_0_SHIPTOCITY=Angers&PAYMENTREQUEST_0_SHIPTOSTATE=AK&PAYMENTREQUEST_0_SHIPTOCOUNTRYCODE=US&PAYMENTREQUEST_0_SHIPTOZIP=49100&SOLUTIONTYPE=Sole&LANDINGPAGE=Login&USER=example.gmail.com&PWD=xxxx&SIGNATURE=xxxx-xxxx
Send with CURL method failed ! Error: Unsupported SSL protocol version
Connect failed with fsockopen method
 
Last edited by a moderator:

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,725
28
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
That would be great, I changed everything to the recommended PCI protocol CPanel gives but we still have the issue. I read both pages but neither say the correct cipher.

Does anyone happen to know what the exact SSL Cipher is? We use this one now.

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 

twhiting9275

Well-Known Member
Sep 26, 2002
560
28
178
cPanel Access Level
Root Administrator
Twitter
The defaults should work:
Code:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,725
28
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
Nope, still at square one. None of this helped but thanks for trying! You would think, something that is mandatory now would have an easy way to do it. I guess it's just too hard for the coders.

Just wish CPanel would somehow be able to update itself when important new things come about.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Hello,

cURL is provided by your operating system (e.g. CentOS/RHEL), however there is a feature request for what you are seeking at:

Update to latest curl

The following thread offers instructions on how to manually compile your own version of cURL when using EasyApache 3:

cURL with AsynchDNS

Thank you.