hello,
I have this bug on production machine (windows 2022 server with IIS and php)
when there is the call to api.openai.com/v1
I get this error :
SSL routines:ssl3_get_key_exchange:bad signature
Same code on windows10 machine or windows11 machine it is working fine.
I cannot understand where the problem is.
I checked already TLS, SSL and Cipher but with no luck.
Has anyone already had this issue and fixed it?
Thanks for help
Nick
in powershell type
Get-TlsCipherSuite
Do you find: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
and could you post the result of phpinfo() please
and maybe try a curl request with verbose?
<?php
$api_key = "YOUR_OPENAI_API_KEY";
$url = "https://api.openai.com/v1/chat/completions";
$data = [
    "model" => "gpt-4o",
    "messages" => [
        ["role" => "system", "content" => "You are a helpful assistant."],
        ["role" => "user", "content" => "Hello!"]
    ]
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Content-Type: application/json",
    "Authorization: Bearer $api_key"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_VERBOSE, true);
$verbose = fopen('php://stderr', 'w');
curl_setopt($ch, CURLOPT_STDERR, $verbose);
// if available
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$response = curl_exec($ch);
if (curl_errno($ch)) {
    echo "cURL error: " . curl_error($ch);
} else {
    echo "Response: " . $response;
}
curl_close($ch);
Btw are you also using docker?
2 Likes
Hi,
the cipher is found
KeyType : 0
Certificate : RSA
MaximumExchangeLength : 65536
MinimumExchangeLength : 0
Exchange : ECDH
HashLength : 0
Hash :
CipherBlockLength : 16
CipherLength : 128
BaseCipherSuite : 49199
CipherSuite : 49199
Cipher : AES
Name : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Protocols : {771, 65277}
from your php page this is the error:
cURL error: error:04091068:rsa routines:INT_RSA_VERIFY:bad signature
I’m not using docker.
from php info
OpenSSL support | enabled
OpenSSL Library Version | OpenSSL 1.0.2k 26 Jan 2017
OpenSSL Header Version | OpenSSL 1.0.2k 26 Jan 2017
Openssl default config | c:/usr/local/ssl/openssl.cnf
cURL support | enabled
cURL Information | 7.54.1
Age | 3
Features |
AsynchDNS | Yes
CharConv | No
Debug | No
GSS-Negotiate | No
IDN | Yes
IPv6 | Yes
krb4 | No
Largefile | Yes
libz | Yes
NTLM | Yes
NTLMWB | No
SPNEGO | Yes
SSL | Yes
SSPI | Yes
TLS-SRP | No
HTTP2 | Yes
GSSAPI | No
KERBEROS5 | Yes
UNIX_SOCKETS | No
PSL | No
Protocols | dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, pop3, pop3s, rtsp, scp, sftp, smtp, smtps, telnet, tftp
Host | x86_64-pc-win32
SSL Version | OpenSSL/1.0.2k
ZLib Version | 1.2.8
libSSH Version | libssh2/1.8.0
The same configuration on win11 and win10 with the same parameters is working fine, I don’t understand why…
Thanks for help
OpenSSL support | enabled
OpenSSL Library Version | OpenSSL 1.0.2k 26 Jan 2017
OpenSSL Header Version | OpenSSL 1.0.2k 26 Jan 2017
Openssl default config | c:/usr/local/ssl/openssl.cnf
2017 - there you have it, Dino 
Welcome to 2025. Upgrade your PHP version - specifically compiled with an OpenSSL Version > 1.1
2 Likes
OK I will do,
but why is it working on win10 and win11 with the same configuration?
Thanks 
Can you post a phpinfo of the other one?
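
A smaller alternative to comparing two full phpinfo() pages, added here as an example and not part of any post in this thread: the script below reports only the TLS-related facts PHP exposes (the TLS backend curl is linked against, the OpenSSL extension version, the loaded php.ini) so the output from the Windows Server 2022 machine and a Windows 10/11 machine can be compared directly. The function name `tls_report` is hypothetical, and the 1.1.0 threshold is taken from the upgrade advice given in the thread.

```php
<?php
// Added example (not from the thread). Written to also run on older PHP (5.6+).
// Request it through IIS on each machine: the CLI may load a different php.ini.

function tls_report()
{
    $curl    = function_exists('curl_version') ? curl_version() : [];
    $backend = isset($curl['ssl_version']) ? $curl['ssl_version'] : 'curl extension not loaded';

    // "OpenSSL/1.0.2k" -> "1.0.2"; a non-OpenSSL backend (e.g. Schannel) leaves this null.
    $linked = preg_match('~OpenSSL/(\d+\.\d+\.\d+)~', $backend, $m) ? $m[1] : null;

    return [
        'php_version'      => PHP_VERSION,
        'sapi'             => PHP_SAPI,
        'php_ini'          => php_ini_loaded_file() ?: 'none',
        'curl_version'     => isset($curl['version']) ? $curl['version'] : null,
        'curl_tls_backend' => $backend,
        'openssl_ext'      => defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT : 'not loaded',
        'ca_locations'     => function_exists('openssl_get_cert_locations')
                                  ? openssl_get_cert_locations() : null,
        // true when curl's OpenSSL is older than 1.1.0; null when the backend is not OpenSSL
        'older_than_1_1'   => $linked === null ? null : version_compare($linked, '1.1.0', '<'),
    ];
}

header('Content-Type: text/plain');
echo json_encode(tls_report(), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```

Any field that differs between the two outputs (a different `php_ini`, `curl_tls_backend` or `openssl_ext`) means the two machines are not actually running the same configuration.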