
Curl OpenSSL error 141A318A tls_process_ske_dhe:dh key too small

I have a web application that makes a curl call to a different site to get data. Since my webspace provider (ionos) made some changes to the server, the curl call is no longer working.

My curl call looked like this:

$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_URL, $link);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$sResult = curl_exec($ch);
curl_close($ch);

It didn't work. $sResult was empty. I changed my code and tried:

$test = file_get_contents($link);

This gives me the error:

PHP Warning:  file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

Is there something missing in my curl call or file_get_contents call?

hatemjapo asked Aug 03 '20 19:08


2 Answers

The usual recommendation for this error is to set the "CipherString" parameter in /etc/ssl/openssl.cnf to "DEFAULT:@SECLEVEL=1".

  • https://askubuntu.com/a/1233456
  • https://imlc.me/dh-key-too-small

In PHP, you can achieve the same thing with curl_setopt():

curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'DEFAULT@SECLEVEL=1');

This is a better solution than editing openssl.cnf since it allows you to relax security for just one specific call, rather than system-wide.

Indrek answered Nov 12 '22 12:11
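The per-call relaxation described in the answer above, as an added example that is not part of the original answer: it lowers the OpenSSL security level only for hosts on an explicit list, keeps certificate and hostname verification enabled, and reports the cURL error instead of returning an empty result. The function name, the host list and the URL are hypothetical.

```php
<?php
// Added example. LEGACY_DH_HOSTS, fetchUrl() and the URL below are hypothetical.
// Only hosts listed here are allowed to negotiate with a small DH key.
const LEGACY_DH_HOSTS = ['legacy-api.example.invalid'];

function fetchUrl(string $url): string
{
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));

    $options = [
        CURLOPT_URL            => $url,
        CURLOPT_HEADER         => false,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // certificate chain is still checked
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate name must match the host
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ];
    if (in_array($host, LEGACY_DH_HOSTS, true)) {
        // Security level 1 for this handle only; other calls keep the default.
        $options[CURLOPT_SSL_CIPHER_LIST] = 'DEFAULT@SECLEVEL=1';
    }

    $ch = curl_init();
    curl_setopt_array($ch, $options);
    $body = curl_exec($ch);

    if ($body === false) {
        // curl_exec() returns false on failure; the reason (for example
        // "dh key too small") is available from curl_error().
        $message = sprintf('cURL error %d: %s', curl_errno($ch), curl_error($ch));
        curl_close($ch);
        throw new RuntimeException($message);
    }

    curl_close($ch);
    return $body;
}

try {
    $sResult = fetchUrl('https://legacy-api.example.invalid/data');
    echo strlen($sResult), " bytes received\n";
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```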


If you are using the file_get_contents() function, this works nicely:

$context=array(
    "ssl"=>array(
        'ciphers' => 'DEFAULT:!DH'
    ),
); 

$json = file_get_contents($url, false, stream_context_create($context));
dhufish answered Nov 12 '22 12:11