I ran into SSL timeouts on in local development setup when I was re-factoring some integration code with facebook and using their SDK. It was tricky to diagnose, I was sure that my changes couldn’t be the cause, and I finally confirmed it by running our production codebase. Since it was having the same timeout error, I knew the bug had to be in an underlying layer.
For the record, I’m running this version of curl on my Archlinux box:
curl 7.25.0 (x86_64-unknown-linux-gnu) libcurl/7.25.0
OpenSSL/1.0.1 zlib/1.2.6 libssh2/1.4.0
I also got the error from the command line with
curl "https://graph.facebook.com/oauth/access_token"
But it is fixed with
curl --sslv3 "https://graph.facebook.com/oauth/access_token"
Debian Server
On a debian squeeze server, with the latest (4/3/2011) version of curl:
curl 7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0
OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
The timeout does not happen with either of the following commands:
curl "https://graph.facebook.com/oauth/access_token"
curl --sslv3 "https://graph.facebook.com/oauth/access_token"
OS X
The time out does not happen on OS X which runs curl 7.21.4
Thoughts
So, this timeout only seems to affect users with very new version of curl. Fixing it requires adding a line to the Facebook PHP SDK, which while minor, you have to remember if you ever upgrade it. At the same time, this bug could come back and bite you down the road if your operating system sneaks in a newer version of curl. You can see a fork of the PHP SDK with this fix on github.
Other references: