PHP on Windows / supported TLS versions?
I've been searching online but most of the info I'm finding is not related to PHP on Windows servers.
TL;DR - for PHP on Windows, what versions of PHP supports TLS 1.2 and are there any add'l requirements? (version of openssl?)
What I'm trying to find out is relating to PCI and requirements for web sites to start using only TLS to connect to services like PayPal, Authorize.NET.
Obviously the Windows server itself has to have TLS 1.2 enabled (and the older TLS/SSL disabled) which means Server 2008 R2 and higher, but I don't know what is required in terms of PHP.
References online also mention OpenSSL that might be a factor for which TLS version is supported. Some articles online say that Windows doesn't have openssl installed by default, but a phpinfo shows me that openssl is being used (SSL Version OpenSSL/0.9.8y)
I found a test script online that can potentially be used to test TLS, which I was planning to use by testing with each version of PHP installed on the box but I only get a blank page (and if I test from command line, blank result)
Does anyone have knowledge of this?
Thank you
TL;DR - for PHP on Windows, what versions of PHP supports TLS 1.2 and are there any add'l requirements? (version of openssl?)
What I'm trying to find out is relating to PCI and requirements for web sites to start using only TLS to connect to services like PayPal, Authorize.NET.
Obviously the Windows server itself has to have TLS 1.2 enabled (and the older TLS/SSL disabled) which means Server 2008 R2 and higher, but I don't know what is required in terms of PHP.
References online also mention OpenSSL that might be a factor for which TLS version is supported. Some articles online say that Windows doesn't have openssl installed by default, but a phpinfo shows me that openssl is being used (SSL Version OpenSSL/0.9.8y)
I found a test script online that can potentially be used to test TLS, which I was planning to use by testing with each version of PHP installed on the box but I only get a blank page (and if I test from command line, blank result)
<?php
$ch = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);
$json = json_decode($data);
echo $json->tls_version;Does anyone have knowledge of this?
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are using PHP cURL to connect to those services, it doesn't matter what Windows supports because cURL provides it's own versions of those things. The important part is that you have to have cURL version 7.38 or better to have the required ciphers in addition to SSL/TLS versions.
For what it's worth, OpenSSL is up to OpenSSL 1.0.1s .
https://www.openssl.org/news/openssl-1.0.1-notes.html
https://www.openssl.org/news/openssl-1.0.1-notes.html
Yap the DROWN vulnerability is just published as of 1 Mar 2016
And the thing about PHP and PHP curl is that it uses the versions that are compiled into that version of PHP. It doesn't matter what the operating system may have.
ASKER