Verify if curl is using TLS

Use https://tlstest.paypal.com:

For example:

$ curl https://tlstest.paypal.com/
ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2

$ ./src/curl https://tlstest.paypal.com/
PayPal_Connection_OK

Short Answer

Make a request with curl to https://www.howsmyssl.com/ 

<?php 
$ch = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);

$json = json_decode($data);
echo $json->tls_version;

that should output what TLS version was used to connect.

Digging Deeper

Curl relies on the underlying OpenSSL (or NSS) library to do the negotiation of the secure connection. So I believe the right question to ask here is what is the OpenSSL library capable of. If it can handle a TLS connection, then curl can handle a TLS connection.

So how to figure out what the openssl (or NSS) library is capable of?

<?php    
$curl_info = curl_version();
echo $curl_info['ssl_version'];

which is going to dump out something like 

OpenSSL/1.0.1k

Then you can go and have a look at the release notes for that version and see if it includes TLS support.

OpenSSL Release notes - https://www.openssl.org/news/changelog.html

NSS Release notes - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases

Spoiler Alert

  • openssl includes support for TLS v1.1 and TLS v1.2 in OpenSSL 1.0.1 [14 Mar 2012]
  • NSS included support for TLS v1.1 in 3.14
  • NSS included support for TLS v1.2 in 3.15

If you want to test which protocol is being used for a specific url (like a payment api endpoint) you can log curl's verbose output and see it there. Here's a quick example:

$url = 'https://example.com/';
$ch  = curl_init($url);
$out = fopen('php://temp', 'w+');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, $out);
curl_exec($ch);
curl_close($ch);
rewind($out);

$debug = stream_get_contents($out);

if (preg_match('/SSL connection.*/', $debug, $match)) {
    echo '<pre>' . $url . PHP_EOL . $match[0];
}

For me that gives output like:

https://example.com/
SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

Tags:

Php

Ssl

Curl

Recent Posts