SSL error "unexpected eof while reading" on same server as the originating request

First, I'm aware of the SSL Library Error: error:0A000126:SSL routines::unexpected eof while reading error stemming from OpenSSL 3 reintroducing a feature to prevent truncation attacks.

The question I have is why I'm seeing this error when I'm making a curl call via PHP from the very same server that's reporting the error?

I'm running Rocky Linux 9.1, PHP 8.0.27, and have OpenSSL 3.0.1 (latest versions available). I can't upgrade to PHP 8.1 via the dnf module yet due to missing libraries not yet available for that release.

Since I'm making a curl call from the server to itself, one would think that if it's up to date enough to recognize the error, that it would be issuing the requests properly. The "bug" reports indicate that this is generally from non-compliant servers issuing the requests, so where should I be looking in my system to correct the request format so I can bring myself into compliance and get my curl requests working again?

Here are the current curl opts I'm using with my request...

$curlOpts = [
    CURLOPT_HTTPGET => TRUE,
    CURLOPT_HEADER => FALSE,
    CURLOPT_FAILONERROR => FALSE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT => 60,
    CURLOPT_SSL_CIPHER_LIST => NULL,
    CURLOPT_CAINFO => '/path/to/ca-certs.pem',
    CURLOPT_SSL_VERIFYPEER => TRUE,
    CURLOPT_SSL_VERIFYHOST => 2,
];

And here are the SSL/TLS related options from httpd.conf...

SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLProxyProtocol -all +TLSv1.3 +TLSv1.2

SSLCipherSuite    TLSv1.3   TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
SSLCipherSuite    SSL       AES256+EECDH:AES256+EDH:!SHA1:!SHA256:!SHA384

SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off

SSLOpenSSLConfCmd Curves X25519:secp521r1:prime256v1

Thanks for any help you can offer!


EDIT: Solution below; tl;dr: had to specify the TLS version and cipher in the client request.


A useful error message would have been helpful, but essentially this boiled down to curl not negotiating one of the limited (but available) ciphers and so failing during the handshake. I had to manually force curl to utilize TLS1.2, and a specific cipher that the server is limited to. Here's what I added to the curlopt list...

CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2,
CURLOPT_SSL_CIPHER_LIST => 'AES256+EECDH:AES256+EDH',

No more errors. Hope that helps someone avoid the 2 days I wasted on this.

Suresh Kumar: Where did you add this configuration? In which file?

@SureshKumar Those are PHP "CURLOPT" attributes, so they would go in your PHP request setup.
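As an added example (not the poster's code), here is a PHP helper that applies the options from the answer above and, rather than failing with only the bare OpenSSL message, captures curl's verbose handshake trace so the negotiated TLS version and cipher, or the exact point at which the server closed the connection, are visible. The hostname is a placeholder; the CA path and cipher list are taken from the thread.

```php
<?php
// Added example, not the poster's code. Performs a GET against the server
// with TLS pinned to 1.2 and the cipher list from the answer, and returns
// the curl error plus the verbose TLS trace for diagnosis.
function fetchWithTlsTrace(string $url, string $caFile, string $ciphers): array
{
    $trace = fopen('php://temp', 'w+');           // collects curl's verbose output
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_HTTPGET         => true,
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_CONNECTTIMEOUT  => 10,
        CURLOPT_TIMEOUT         => 60,
        CURLOPT_CAINFO          => $caFile,
        CURLOPT_SSL_VERIFYPEER  => true,          // keep certificate verification on
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_SSLVERSION      => CURL_SSLVERSION_TLSv1_2,
        CURLOPT_SSL_CIPHER_LIST => $ciphers,      // must intersect the server's SSLCipherSuite
        CURLOPT_VERBOSE         => true,
        CURLOPT_STDERR          => $trace,        // handshake details go here, not to the SAPI log
    ]);
    $body = curl_exec($ch);
    $result = [
        'ok'       => $body !== false,
        'errno'    => curl_errno($ch),
        'error'    => curl_error($ch),            // e.g. the "unexpected eof while reading" text
        'httpCode' => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'body'     => $body === false ? '' : $body,
    ];
    curl_close($ch);
    rewind($trace);
    // On success the trace contains a line like "SSL connection using TLSv1.2 / <cipher>".
    $result['trace'] = stream_get_contents($trace);
    fclose($trace);
    return $result;
}

// Assumed values: replace the hostname and CA path with your own.
$r = fetchWithTlsTrace('https://example.internal/', '/path/to/ca-certs.pem',
                       'AES256+EECDH:AES256+EDH');
if (!$r['ok']) {
    fwrite(STDERR, "curl error {$r['errno']}: {$r['error']}\n{$r['trace']}");
    exit(1);
}
echo "HTTP {$r['httpCode']}, " . strlen($r['body']) . " bytes\n";
```

Run it on the same host as the PHP application: a successful trace shows the negotiated protocol and cipher, and a failing one shows which handshake step the server abandoned, which is far more useful than the bare error string when comparing against the httpd SSLCipherSuite lines.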