I'm wondering if it's possible to determine what SSL/TLS protocol is used when using a curl connection to an HTTPS server. curl_getinfo does provide a tiny bit of info but nothing at all seems to tell us what protocol was actually used:

Array
(
    [url] => https://api-3t.sandbox.paypal.com/nvp
    [content_type] => text/plain; charset=utf-8
    [http_code] => 200
    [header_size] => 624
    [request_size] => 651
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 3.550331
    [namelookup_time] => 0.060666
    [connect_time] => 0.112217
    [pretransfer_time] => 0.216712
    [size_upload] => 513
    [size_download] => 135
    [speed_download] => 38
    [speed_upload] => 144
    [download_content_length] => 135
    [upload_content_length] => 513
    [starttransfer_time] => 3.550293
    [redirect_time] => 0
    [redirect_url] => 
    [primary_ip] => 173.0.82.83
    [certinfo] => Array
        (
        )

    [primary_port] => 443
    [local_ip] => 192.168.1.1
    [local_port] => 42398
)

I've tried setting CURLOPT_HEADER to 1 but the headers don't seem to provide any clues about TLS/SSL either.

I saw a (rather poor) answer to this question on StackOverflow and took care to point out that it doesn't really answer the question.

    There seems to be a combination of CURLOPT_VERBOSE and CURLOPT_CERTINFO that might spit out more stuff (to stderr - I suppose that means having to set a filehandle with CURLOPT_STDERR to redirect it).

      a month later

      Thanks so much for your response, Weedpacket. I see that if you run curl from the command line on Linux with a -v option, you get a line describing the encryption protocol used:

      $ curl -v https://google.com
      * Rebuilt URL to: https://google.com/
      * Hostname was NOT found in DNS cache
      *   Trying 216.58.217.206...
      * Connected to google.com (216.58.217.206) port 443 (#0)
      * successfully set certificate verify locations:
      *   CAfile: none
        CApath: /etc/ssl/certs
      * SSLv3, TLS handshake, Client hello (1):
      * SSLv3, TLS handshake, Server hello (2):
      * SSLv3, TLS handshake, CERT (11):
      * SSLv3, TLS handshake, Server key exchange (12):
      * SSLv3, TLS handshake, Server finished (14):
      * SSLv3, TLS handshake, Client key exchange (16):
      * SSLv3, TLS change cipher, Client hello (1):
      * SSLv3, TLS handshake, Finished (20):
      * SSLv3, TLS change cipher, Client hello (1):
      * SSLv3, TLS handshake, Finished (20):
      * SSL connection using ECDHE-ECDSA-AES128-GCM-SHA256
      * Server certificate:
      * 	 subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=*.google.com
      * 	 start date: 2018-02-20 14:33:16 GMT
      * 	 expire date: 2018-05-15 14:08:00 GMT
      * 	 subjectAltName: google.com matched
      * 	 issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
      * 	 SSL certificate verify ok.
      GET / HTTP/1.1
      User-Agent: curl/7.35.0
      Host: google.com
      Accept: */*
      
      < HTTP/1.1 301 Moved Permanently
      < Location: https://www.google.com/
      < Content-Type: text/html; charset=UTF-8
      < Date: Thu, 15 Mar 2018 02:48:35 GMT
      < Expires: Sat, 14 Apr 2018 02:48:35 GMT
      < Cache-Control: public, max-age=2592000
      * Server gws is not blacklisted
      < Server: gws
      < Content-Length: 220
      < X-XSS-Protection: 1; mode=block
      < X-Frame-Options: SAMEORIGIN
      < Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
      < 
      <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
      <TITLE>301 Moved</TITLE></HEAD><BODY>
      <H1>301 Moved</H1>
      The document has moved
      <A HREF="https://www.google.com/">here</A>.
      </BODY></HTML>
      * Connection #0 to host google.com left intact
      

      In that sample, it's this line:

      * SSL connection using ECDHE-ECDSA-AES128-GCM-SHA256
      
      I wrote a quick PHP script to test your suggestions:
      <?php
      // Create a cURL handle
      $ch = curl_init("https://www.google.com/");
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_VERBOSE, 1);
      
      $fh = fopen("/tmp/stderr.txt", "w+");
      if (!$fh) {
              die("could not open stderr\n");
      }
      curl_setopt($ch, CURLOPT_STDERR, $fh);
      
      
      // Execute
      $result = curl_exec($ch);
      
      fclose($fh);
      
      if (!$result) {
              die("curl_exec failed");
      }
      
      // Check if any error occurred
      if (!curl_errno($ch)) {
              echo "success\n";
              $info = curl_getinfo($ch);
              var_dump($info);
      }
      
      // Close handle
      curl_close($ch);
      
      

      This results in some of that verbosity being written to /tmp/stderr.txt:

      * Hostname was NOT found in DNS cache
      *   Trying 172.217.11.68...
      * Connected to www.google.com (172.217.11.68) port 443 (#0)
      * successfully set certificate verify locations:
      *   CAfile: none
        CApath: /etc/ssl/certs
      * SSL connection using ECDHE-ECDSA-AES128-GCM-SHA256
      * Server certificate:
      * 	 subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
      * 	 start date: 2018-02-28 22:09:58 GMT
      * 	 expire date: 2018-05-23 22:07:00 GMT
      * 	 subjectAltName: www.google.com matched
      * 	 issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
      * 	 SSL certificate verify ok.
      GET / HTTP/1.1
      Host: www.google.com
      Accept: */*
      
      < HTTP/1.1 200 OK
      < Date: Thu, 15 Mar 2018 03:00:20 GMT
      < Expires: -1
      < Cache-Control: private, max-age=0
      < Content-Type: text/html; charset=ISO-8859-1
      < P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
      * Server gws is not blacklisted
      < Server: gws
      < X-XSS-Protection: 1; mode=block
      < X-Frame-Options: SAMEORIGIN
      etc
      etc
      etc
      

      I expect I could work up a regex to extract the cipher from there.
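
Added example, not part of any post in this thread: one way to pull the cipher (and the protocol version, when the curl build prints it) out of the CURLOPT_VERBOSE log. The function names parse_tls_line and fetch_tls_info are hypothetical, the "PROTOCOL / CIPHER" line format is assumed for newer OpenSSL-backed curl builds, and the log is captured in php://temp instead of a fixed file under /tmp.

```php
<?php
// Added example (not from the thread): extract TLS details from curl's verbose log.

// Returns ['protocol' => ?string, 'cipher' => string], or null when the log
// has no "SSL connection using" line (plain HTTP, or the handshake failed).
function parse_tls_line(string $verboseLog): ?array
{
    // Older builds print only the cipher, as in the log posted above.
    // Newer builds (assumed format) print "PROTOCOL / CIPHER [/ ...]".
    if (!preg_match('/^\*\s+SSL connection using (.+)$/m', $verboseLog, $m)) {
        return null;
    }
    $parts = preg_split('#\s*/\s*#', trim($m[1]));
    return [
        'protocol' => count($parts) > 1 ? $parts[0] : null,
        'cipher'   => count($parts) > 1 ? $parts[1] : $parts[0],
    ];
}

// Live capture: send the verbose output to an in-memory stream and parse it.
function fetch_tls_info(string $url): ?array
{
    $log = fopen('php://temp', 'w+');
    $ch  = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_NOBODY, true);   // headers are enough here
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt($ch, CURLOPT_STDERR, $log);
    curl_exec($ch);
    curl_close($ch);                          // close first so curl stops writing
    rewind($log);
    $text = stream_get_contents($log);
    fclose($log);
    return parse_tls_line($text);
}

// Constructed samples so the parser can be tried offline: the first uses the
// line format seen in this thread, the second the assumed newer format, and
// the third is a plain-HTTP log with no TLS line at all.
$samples = [
    "* Connected to www.google.com (172.217.11.68) port 443 (#0)\n"
        . "* SSL connection using ECDHE-ECDSA-AES128-GCM-SHA256\n* Server certificate:\n",
    "* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256\r\n",
    "* Connected to example.test (192.0.2.1) port 80 (#0)\n",
];
foreach ($samples as $sample) {
    echo json_encode(parse_tls_line($sample)), "\n";
}
```

A null protocol means the log did not state the version, not that a weak one was negotiated, so treat it as unknown rather than as a pass.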
