CentOS (6.3) TLS1.2 Support with cURL and OpenSSL
Posted: 2018/07/03 16:33:02
I have a problem with a production server with Centos 6.3 (final). Recently PayPal dropped support for SSLv3, TLS 1.0, and TLS 1.1 and now only support TLS 1.2. The solution seems to be have cURL to use the OpenSSL.
I have upgraded both OpenSSL, cURL and php-curl to latest using yum i.e.
OpenSSL 1.0.1e-fips 11 Feb 2013
curl 7.19.7 (x86_64_redhat-linu-gnu) .. NSS/3.27
When I then use the PHP to check the loaded cURL, the SSL version says NSS/3/27/1. Or from SSH console
[root]# php -r "print_r(curl_version());" | grep ssl_version
[ssl_version_number] => 0
[ssl_version] => NSS/3.27.1
Now I need to somehow to get the cURL to use the OpenSSL 1.0.1e-fips that is already loaded to CentOS
I have found the below article on the stackoverflow regarding the subject
https://stackoverflow.com/questions/351 ... sl-version
However it goes into removing the PHP, recompiling things etc. I am on a production server (with ISP) and do not want really any significant (risk of) downtime. So your suggestions to modify/update cURL would be greatly appreciated.
I have upgraded both OpenSSL, cURL and php-curl to latest using yum i.e.
OpenSSL 1.0.1e-fips 11 Feb 2013
curl 7.19.7 (x86_64_redhat-linu-gnu) .. NSS/3.27
When I then use the PHP to check the loaded cURL, the SSL version says NSS/3/27/1. Or from SSH console
[root]# php -r "print_r(curl_version());" | grep ssl_version
[ssl_version_number] => 0
[ssl_version] => NSS/3.27.1
Now I need to somehow to get the cURL to use the OpenSSL 1.0.1e-fips that is already loaded to CentOS
I have found the below article on the stackoverflow regarding the subject
https://stackoverflow.com/questions/351 ... sl-version
However it goes into removing the PHP, recompiling things etc. I am on a production server (with ISP) and do not want really any significant (risk of) downtime. So your suggestions to modify/update cURL would be greatly appreciated.