How to enable tls in php

composer create-project flarum/flarum . --stability=beta

I try to run this command, but it gave me this error.

  [RuntimeException]                                                           
  The openssl extension is required for SSL/TLS protection but is not availab  
  le. If you can not enable the openssl extension, you can disable this error  
  , at your own risk, by setting the 'disable-tls' option to true.  

I tried to add "extension=php_openssl.dll" to "php.ini", but it still got this error

marlo

6,0004 gold badges26 silver badges30 bronze badges

asked Feb 7, 2016 at 4:09

4

The same error occurred to me. I fixed it by turning off TLS for Composer, it's not safe but I assumed the risk on my develop machine.

try this:

composer config -g -- disable-tls true

and re-run your Composer. It works to me!

But it's unsecure and not recommended for your Server. The official website says:

If set to true all HTTPS URLs will be tried with HTTP instead and no network-level encryption is performed. Enabling this is a security risk and is NOT recommended. The better way is to enable the php_openssl extension in php.ini.

If you don't want to enable unsecure layer in your machine/server, then setup your php to enable openssl and it also works. Make sure the PHP Openssl extension has been installed and enable it on php.ini file.

To enable OpenSSL, add or find and uncomment this line on your php.ini file:

Linux/OSx:

extension=php_openssl.so

Windows:

extension=php_openssl.dll

And reload your php-fpm / web-server if needed!

UPDATE:

As of PHP 7.4 the extension is named extension=openssl (known for Windows).

answered Feb 17, 2016 at 19:32

9

According to the composer reference there are two relevant options: disable-tls and secure-http, which one can use. Just edit the configuration with: nano ~/.composer/config.json:

{
    "config": {
        "disable-tls": true,
        "secure-http": false
    }
}

Then it will complain about:

You are running Composer with SSL/TLS protection disabled.
Warning: Accessing getcomposer.org over http which is an insecure protocol.

But it performs the composer selfupdate (or whatever command).

One cannot simply "enable SSL in the php.ini" on Linux; PHP needs to be compiled with openSSL configured as shared library - in order to be able to access it from the PHP CLI SAPI.

answered Nov 19, 2016 at 7:52

Martin ZeitlerMartin Zeitler

63.7k15 gold badges133 silver badges191 bronze badges

1

I had the exact same problem and couldn't find a solution, so after thinking and looking for a while I figured that my PHP.INI apparently didn't look in the correct directory for my PHP Extensions, so I went under:

"Directory in which the loadable extensions (modules) reside." And found the following:

; http://php.net/extension-dir
; extension_dir = "./"
; On windows:
;extension_dir = "ext"

And simply removed the ; infront of "extension_dir = "ext", note this is only for Windows, remove the semicolon in front of the first extension_dir if you are running a different operating system.

I have no idea why mine wasn't already unmarked, but it's just something to look for if you are having problems.

answered Feb 16, 2017 at 22:32

2

This issue occurs due to openssl and extension directory so uncomment below extensions in php.ini file

extension=php_openssl.dll

extension_dir = "ext"

Its works on my machine.

answered Mar 16, 2017 at 9:58

Vrushal RautVrushal Raut

8841 gold badge14 silver badges17 bronze badges

1

To enable openssl go into php.ini and enable this line:

extension=php_openssl.dll

if you don't want enable openssl you can set to composer not use openssl with this command:

composer config -g -- disable-tls true

however, this is a security problem.

answered Mar 8, 2017 at 19:53

Clairton LuzClairton Luz

1,96019 silver badges15 bronze badges

2

After trying everything, I finally managed to get this sorted. None of the above suggested solutions worked for me. My system is A PC Windows 10. In order to get this sorted I had to change the config.json file located here C:\Users\[Your User]\AppData\Roaming\Composer\. In there, you will find:

{
    "config": {
        "disable-tls": true},
    "repositories": {
        "packagist": {
            "type": "composer",
            "url": "http://repo.packagist.org" // this needs to change to 'https'
        }
    }
}

where you need to update the packagist repo url to point to the 'https' url version.

I am aware that the above selected solution will work for 95% of the cases, but as I said, that did not work for me. Hope this helps someone.

Happy coding!

answered Aug 24, 2020 at 7:35

I had the same problem. I tried everything listed on this page. When I re-installed Composer it worked like before. I had a PHP version mismatch that was corrected with a new install establishing the dependencies with the PHP path installed in my system environment variables.

I DO NOT RECOMMEND the composer config -g -- disable-tls true approach.

By the way the way to reverse this is composer config -g -- disable-tls false.

answered Oct 22, 2019 at 19:59

1

I just add this because it worked for me, i install composer with the developer option activate (just check the box in the installer)

https://getcomposer.org/Composer-Setup.exe

I think this problem may occurs when you add a new version of php to your wamp server. If you do this, you have to check if the extension_dir variable is configure to "env".

Then check if the php_openssl.dll exist in your phpx.x/ext folder. If there is not php_openssl.dll, you have to download it here : http://www.telecharger-dll.fr/dll-php_openssl.dll.html

If it still not working, check if your apache server use the good php.ini file by running the following cmd command :

php --ini

Configuration File (php.ini) Path: C:\Windows
Loaded Configuration File:         C:\wamp64\bin\php\php7.4.7x64\php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed:      (none)

If the loaded configuration file return (none), you have to check your appache/apache2.4.41/conf/httpd.conf file is configure with the proper phpIniDir and the correct module.

It must be something like this :

PHPIniDir "${APACHE_DIR}/bin"
LoadModule php7_module "${INSTALL_DIR}/bin/php/php7.4.7x64/php7apache2_4.dll"

Then restart apache and check the "apache/apache2.4.41/bin/php.ini" (wich is the one configure above by PHPIniDir) it must me like

answered Jun 20, 2020 at 14:58

 composer config --global disable-tls true
 composer config --global disable-tls false

answered Dec 2, 2020 at 2:06

For me on Windows 10 none of those worked ... I had changed my local server from WAMP to Laragon and had to add the new path to the php.ini in the Environment Variables under:

Control Panel --> Advanced System Settings --> Environment Variables --> Path (double click) --> Browse... then navigate to the php.ini and click ok.

After that a reboot was needed and now composer works like a charm!

answered Mar 11, 2020 at 2:16

I had this issue on IIS on my new home server when attempting to install Magento. To fix it i added the above: extension=php_openssl.dll in my php.ini and then restarted my IIS server on Windows 10 Pro.

answered Apr 28, 2021 at 22:52

SebastianSebastian

3542 silver badges11 bronze badges

I was just having this issue, but these solutions weren't working since I installed PHP and Apache independently without Xampp or Wamp.

The problem for me turned out to be that I was trying to run composer from Git for Windows instead of cmd or PowerShell—where it turned out to be working fine.

My solution was to add a symlink from my /c/php/php.ini (C:\php\php.ini) to my /bin/ directory (C:\Program Files\Git\bin).

answered Aug 29 at 4:53

1

Does PHP use TLS?

How do you fix the openssl extension is required for SSL TLS protection but is not available?

How do I enable TLS SSL?

How do I set up TLS?