/    Sign up×
Community /Pin to ProfileBookmark

Security Problem with cURL

I am trying to transmit data via PHP cURL to a payment gateway, but I am getting the error message “CURL error message : error:0A000152:SSL routines::unsafe legacy  renegotiation disabled”.

A search on Google leaves me totally baffled. I can’t even figure out whether it is my server or the payment gateway server that is having problems.

This has worked for years until about 10 days ago.

Can anyone set me in the right direction?

to post a comment
PHPServer Management

7 Comments(s)

Copy linkTweet thisAlerts:
@code-lightningMar 02.2023 — Hey computergenius, interesting question. Any further details you can share regarding which versions of cURL and OpenSSL you're using? It sounds like it might be related to changes in the default setting of SSL_OP_LEGACY_SERVER_CONNECT
Copy linkTweet thisAlerts:
@themolitorMar 02.2023 — Did a search and found this:

The error message "CURL error message : error:0A000152:SSL routines::unsafe legacy renegotiation disabled" indicates that there is an issue with the SSL/TLS configuration on either your server or the payment gateway server.

This error message specifically refers to a security feature called "Secure Renegotiation" which is used to protect against certain types of attacks on SSL/TLS connections. The error message indicates that the server has disabled support for insecure renegotiation, which may be necessary for the specific SSL/TLS configuration being used by your PHP cURL code.

There are a few things you can try to resolve this issue:

1. Update your PHP cURL version: Make sure you are using the latest version of PHP cURL on your server. If you are using an outdated version of PHP cURL, you may need to update it to a newer version that supports the latest SSL/TLS protocols.

2. Update your SSL/TLS configuration: Check your SSL/TLS configuration to ensure that it is up-to-date and meets current security standards. You may need to update your SSL/TLS certificates or modify your SSL/TLS configuration to support the latest protocols and ciphers.

3. Contact the payment gateway: If you are unable to resolve the issue on your own, contact the payment gateway support team for assistance. They may be able to provide more information about the specific SSL/TLS configuration requirements for their system and help you troubleshoot the issue.

Hope that helps! 🤘
Copy linkTweet thisAlerts:
@computergeniusauthorMar 02.2023 — Thanks for your suggestions. I was hoping to be able to establish which end the problem is at - the answer is either end.

The client is on a shared server, so I am limited in what I can do.

So I shall start at the top!

PHP Version is 7.1.33, with curl 7.85.0, according to PHPinfo(), so it could be more up-to-date. This version of cURL is from last august.
However, siteground say that we are on PHP 7.4 which is automatically set.
So that's the place to start...

I would have thought that the place to start was the Payment Gateway, but the client is in Turkey, and can only use Turkish suppliers, and these guys have been telling the client that the data was bad, giving examples of errors which I disagreed with - and finally telling us that they weren't even receiving data, and seem to be denying that they told us the data was bad. That's outstandingly bad support.

This could bring my client down, and I really don't want to lose her.
@themolitorThe most recent stable version of cURL (7.88.1) was last udpated on 2023-02-20. Seems like a good place to start would be upgrading your cURL version?Mar 02.2023
@themolitor...The update also seems to align with when you noticed this issue ("about 10 days ago"). 👍Mar 02.2023
Copy linkTweet thisAlerts:
@computergeniusauthorMar 03.2023 — I have upgraded PHP to the latest V7 version, it was held back by a command in the .htaccess file that I hadn't seen. But I still have the same version of cURL 7.85.0

I don't know how to upgrade cURL, and it's on a shared server. I need to ask Siteground support if it's possible.
Copy linkTweet thisAlerts:
@computergeniusauthorMar 03.2023 — As expected, siteground tells us that they cannot change the cURL version, and as the site owner is in Turkiye, she cannot use payment providers outside Turkey.

Looks like the client's business is about to get strangled by her government
Copy linkTweet thisAlerts:
@computergeniusauthorMar 03.2023 — The client cannot upgrade her version of cURL, and all the payment provider will say is (translated from Turkish)
"It may be related to SSL certification. This error is not our fault, so I can only comment. It is very difficult for me to help unless our logs are recorded."
@themolitorlame 👎Mar 03.2023
Copy linkTweet thisAlerts:
@computergeniusauthorMar 16.2023 — The final result was that my client changed server, to one with an earlier version of cURL. The lower level meant that my client could connect to the payment provider, whose security had not been upgraded,

On checking the security of the payment provider's site, we found that it was lower than the security on the client's shared server site!

So now it is all working, and the client has time to find another payment provider.

The main problem remains, she is in Turkey, and banking restrictions mean that she cannot use a "foreign" provider. As I understand it, PayPal had to pull out of Turkey, because the new restrictions meant that they could not operate there unless PayPal moved all their offices and data storage to Turkey, with all that that involved.


Help @computergenius spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 11.30,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ

legal: ({
terms: of use,
privacy: policy
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
recent_tips: (
tipper: @bahaedd,
tipped: article
amount: 1000 SATS,

tipper: @Balmasexy,
tipped: article
amount: 1000 SATS,

tipper: @mbsaad,
tipped: article
amount: 1000 SATS,