Fix SSL error “unexpected eof while reading” on the same server as the request source

Wondering why you’re seeing the “unexpected eof while reading” error when making a request to the same server? Here’s a quick and easy fix.

What does this error mean?

The SSL error message “SSL: error:0A000126:SSL routines::unexpected eof while reading” is the result of OpenSSL version 3 reintroducing a security feature to prevent truncation attacks. See: SSL: error:0A000126:SSL routines::unexpected eof while reading.

Many individuals encounter this error when making a curl call request through PHP from the same server that’s generating the error message.

The SSL error message “SSL: error:0A000126:SSL routines::unexpected eof while reading” is a cryptic error message indicating an issue with the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol during a data exchange over an encrypted connection. Let’s break it down:

1. SSL/TLS Protocols: SSL and TLS are cryptographic protocols that secure data transmissions over the internet. They provide encryption, data integrity, and authentication between two parties, typically a client (e.g., a web browser) and a server (e.g., a web server).
2. Error Code “0A000126”: This code is a hexadecimal representation of the specific error within the SSL/TLS library. It indicates that something has gone wrong during the SSL/TLS handshake process.
3. SSL Routines: SSL routines refer to the specific functions or processes within the SSL/TLS library that are responsible for various tasks, including encryption, decryption, and the handshake process.
4. Unexpected EOF (End of File) While Reading: The “unexpected eof while reading” part of the error message suggests that the SSL/TLS library encountered an abrupt end of file or data stream while it was in the process of reading data during the handshake. In other words, the SSL/TLS connection was unexpectedly terminated before the expected data exchange could be completed.

Now, let’s understand why this error occurs:

• Truncation Attacks: In cryptographic protocols like SSL/TLS, truncation attacks occur when an attacker intentionally terminates the connection before the communication is complete, causing the recipient to process incomplete or incorrect data. This can lead to security vulnerabilities. To prevent truncation attacks, security features are implemented in SSL/TLS libraries.
• Limited Cipher Negotiation: The error can also occur when the client (in your case, cURL) and the server cannot agree on a suitable cipher suite during the SSL/TLS handshake. This could be due to server configurations or limitations.

In the context of the error occurring when making a cURL call request through PHP from the same server, it suggests that the server and client (both residing on the same machine) might be facing issues during the SSL/TLS handshake process, possibly due to cipher suite compatibility issues.

Reason for this error to occur in your scenario:

The reason for this error occurring, even when the request is made on the same server, is that cURL fails during the handshake because it cannot negotiate one of the limited (but available) ciphers.

Solution

The solution is to force cURL to use TLS 1.2 and a specific cipher that matches the server’s limitations manually.

In your PHP “CURLOPT” attributes, add the following:

CURLOPT_SSLVERSION = CURL_SSLVERSION_TLSv1_2,
CURLOPT_SSL_CIPHER_LIST = 'AES256+EECDH:AES256+EDH

This will fix the problem: SSL Library Error: error:0A000126:SSL routines::unexpected eof while reading error