Unknown cipher in list: TLSv1 SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Resolving "unknown cipher in list" and "SSLv3 alert handshake failure" errors
Overview: This article describes troubleshooting steps for resolving TLSv1 SSL handshake failures due to unknown cipher issues.
Note:
Upgrading to the latest version of Ezeelogin available in the customer portal is known to fix this issue. If you continue to have issues, do read ahead.
Upgrading CURL to the latest version 7.59.0 will fix the issue while accessing Cpanel/WHM. However, the curl upgrade has to be done manually as the official Centos repo does not ship the latest versions.
Note: The issue has been reported in Centos 6 & Centos 7 running php7.0 & php7.1 installed using the REMI repository. Going back to the PHP version available from the official Centos Repo resolves the issue.
- In Centos 6 running PHP 5.3.3. & Centos 7 running default PHP version 5.4.16, the following command should fix the issue, if not you would need to go for the manual upgrade.
root@gateway:~# yum upgrade
root@gateway:~# service httpd restart
Note: To continue using PHP 7.0/7.1 in Centos 6/7, curl library linked in php web module has to be upgraded to the latest
root@gateway:~# yum install libcurl-devel openssl-devel php-devel
root@gateway:~# wget https://curl.haxx.se/download/curl-7.59.0.tar.gz; tar -zxf curl-7.59.0.tar.gz; cd curl-7.59.0;./configure --with-ssl; make; make install
- If php7.1 is running on the server, then download the corresponding php source code
root@gateway:~# tar -zxf php-7.1.16.tar.gz; cd php-7.1.16/ext/curl/; phpize; ./configure; make; make install; service httpd restart
- If php7.0 is running on the server, then download the corresponding php source code
root@gateway:~# tar -zxf php-7.0.29.tar.gz; cd php-7.0.29/ext/curl/; phpize; ./configure; make; make install; service httpd restart
Related Articles:
How to install and switch different versions of PHP in Ubuntu?