OpenSSL SSL_connect

Jyotishgher Astrology
By -Jyotishgher Astrology
9:40 PM2 minute read
0

 OpenSSL SSL_connect: SSL_ERROR_SYSCALL

The error “OpenSSL SSL_connect: SSL_ERROR_SYSCALL” in cURL usually indicates an issue with SSL/TLS connection between your server and the API. Here’s how you can troubleshoot and fix it.

OpenSSL SSL_connect: SSL_ERROR_SYSCALL
OpenSSL SSL_connect: SSL_ERROR_SYSCALL

✅ 1. Test SSL Connection in Terminal

Run this command from your LAMP server to check the SSL certificate of domain.com:

openssl s_client -connect pardarsy.railnet.gov.in:443 -showcerts

Expected Output

  • If it connects successfully, it will show SSL certificate details.
  • If it fails, your server might have outdated SSL libraries or network issues.

✅ 2. Check cURL & OpenSSL Versions

Run:

php -i | grep -i "openssl"
curl --versio

Ensure You Have

  • OpenSSL 1.1.1 or newer (for modern TLS)
  • cURL 7.58.0 or newer (old versions might not support the API)

If OpenSSL is outdated, update it:

sudo apt update && sudo apt install --only-upgrade openssl libssl-dev

✅ 3. Bypass SSL Verification (For Debugging)

Modify your PHP cURL request to disable SSL verification:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

👉 If this works, the issue is with SSL verification. You should re-enable SSL verification and fix the underlying cause.

✅ 4. Check Server’s CA Certificates

Sometimes, missing CA certificates cause SSL errors.
 Run:

ls -l /etc/ssl/certs/ca-certificates.crt

If the file is missing or outdated, update CA certificates:

sudo apt install --reinstall ca-certificates
sudo update-ca-certificates

Then, restart Apache:

sudo systemctl restart apache2

✅ 5. Test API Connection Using wget

If cURL fails, try wget:

wget --no-check-certificate https://xxxx/xxx/loginauth/authenticate
  • If wget works but cURL doesn't, it's likely a cURL/SSL issue.
  • If wget also fails, your server cannot reach the API.

✅ 6. Check Firewall & Proxy

  • If you are behind a corporate proxy, configure cURL:
  • export http_proxy="http://proxy.example.com:8080" export https_proxy="https://proxy.example.com:8080"
  • Ensure UFW (firewall) is not blocking cURL requests:
  • sudo ufw allow out on eth0

✅ 7. Use HTTP/1.1 Instead of HTTP/2

Try forcing HTTP/1.1 (some servers have issues with HTTP/2):

curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

✅ Final Steps

1️⃣ Run openssl s_client -connect to check SSL errors.
 2️⃣ Update OpenSSL & cURL if outdated.
 3️⃣ Temporarily disable SSL verification to confirm the issue.
 4️⃣ Check CA certificates and update them.
 5️⃣ Try using wget to confirm API reachability.
 6️⃣ Force HTTP/1.1 in cURL settings.

Tags:
Jyotishgher Astrology

Jyotishgher Astrology

Place your burden at the feet of the Lord of the Universe who accomplishes everything. Remain all the time steadfast in the heart, in the Transcendental Absolute. God knows the past, present and future. He will determine the future for you and accomplish the work. What is to be done will be done at the proper time. Don’t worry. Abide in the heart and surrender your acts to the divine

    You Might Like

    Show more
    PHP

    Post a Comment

    0Comments

    Post a Comment (0)
    Share to other apps
    Copy Post Link