centos 6/7 支持 Paypal TLSv1.2 的更新方法

前端之家收集整理的这篇文章主要介绍了centos 6/7 支持 Paypal TLSv1.2 的更新方法前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

Paypal 要求TLSv1.2

paypal最近升级要求必须使用 TLSv1.2,按照官方的升级方法和测试,其实并不准确!

官方的升级教程:https://github.com/paypal/TLS-update#php
官方的检测工具:
https://github.com/paypal/TLS-update/blob/master/php/cacert.pem
https://github.com/paypal/TLS-update/blob/master/php/TlsCheck.php

PHP -f TlsCheck.PHP
On success:
PayPal_Connection_OK
On failure:
curl_error information

正确的检测

<?PHP $url = 'https://fancyssl.hboeck.de/'; $protocols = [ 'TLS1.0' => ['protocol' => CURL_SSLVERSION_TLSv1_0,'sec' => false],'TLS1.1' => ['protocol' => CURL_SSLVERSION_TLSv1_1,'TLS1.2' => ['protocol' => CURL_SSLVERSION_TLSv1_2,'sec' => true],'TLS1.3' => ['protocol' => CURL_SSLVERSION_TLSv1_3,]; foreach ($protocols as $name => $value) { $ch = curl_init(); curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_SSLVERSION,$value['protocol']); curl_setopt($ch,CURLOPT_RETURNTRANSFER,true); $response = curl_exec($ch) !== false; if ($value['sec'] && !$response) { echo "Secure $name not supported =( \n"; } elseif ($value['sec'] && $response) { echo "Ok! Secure $name supported \n"; } elseif (!$value['sec'] && $response) { echo "Insecure $name supported =( \n"; } elseif (!$value['sec'] && !$response) { echo "Ok! Insecure $name not supported\n"; } }

代码来源:https://stackoverflow.com/questions/49186863/php-how-to-see-if-a-server-supports-tls-1-0

升级 PHP CURL扩展

发现 7.19.7 的版本依旧是不能,但是 7.29.0 的版本是可以的。
升级仓,新起一个文件 /etc/yum.repos.d/cityfan.repo

[city-fan.org]
name=city-fan.org repository for Red Hat Enterprise Linux (and clones) $releasever ($basearch)
baseurl=http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch

mirrorlist=http://mirror.city-fan.org/ftp/contrib/yum-repo/mirrorlist-rhel$releasever
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-city-fan.org

执行yum install libcurl 升级PHP_curl 之后,不要忘了重启 PHP-fpm 以生效。
centos6 可以使用 service PHP-fpm restart ,centos7 可以用systemctl restart PHP-fpm
centos6 不标准安装的PHP-fpm 重启方式

killall PHP-fpm
/usr/sbin/PHP-fpm -y /etc/PHP-fpm.d/www.conf

最后打印一下配置:

[root@vs2 ~]# PHP -r 'echo json_encode(curl_version(),JSON_PRETTY_PRINT);'
{
    "version_number": 474112,"age": 4,"features": 3113885,"ssl_version_number": 0,"version": "7.60.0","host": "x86_64-redhat-linux-gnu","ssl_version": "OpenSSL\/1.0.1e","libz_version": "1.2.3","protocols": [
        "dict","file","ftp","ftps","gopher","http","https","imap","imaps","ldap","ldaps","pop3","pop3s","rtsp","scp","sftp","smb","smbs","smtp","smtps","telnet","tftp"
    ]
[root@vs2 ~]# 

猜你在找的CentOS相关文章