frasierphilips
asked on
Legacy XAMPP PHP or CURL upgrade
I am managing a very old XAMPP installation (1.7.3) which has been absolutely rock-solid for years. Now, unfortunately, the company that provides a payment gateway that the system has been connecting to has decided to upgrade from TLS1.0 to TLS1.2 (for obvious reasons). The version of PHP running on the install is 5.3.1 which comes with CURL 7.19.6
This version of CURL does not support TLS 1.2 encryption, the earliest version that does is CURL 7.34.0
As a quick fix, I've tried to upgrade the PHP installation to the latest one (7.26 I think) however, both methods I've tried result in Apache failing to restart - does anyone have any suggestions as to how I can upgrade the CURL or PHP? Failing that, is there any alternative to CURL which will encrypt the data correctly, i.e. to TLS1.2 standard.
The XAMPP is running on Windows 7 64 bit
This version of CURL does not support TLS 1.2 encryption, the earliest version that does is CURL 7.34.0
As a quick fix, I've tried to upgrade the PHP installation to the latest one (7.26 I think) however, both methods I've tried result in Apache failing to restart - does anyone have any suggestions as to how I can upgrade the CURL or PHP? Failing that, is there any alternative to CURL which will encrypt the data correctly, i.e. to TLS1.2 standard.
The XAMPP is running on Windows 7 64 bit
ASKER
Thanks for your very thorough response, unfortunately it does confirm my fears. Whilst it's true the installation is in a production environment, it's used to run a booking system on a closed network so security isn't such a massive issue. The installation runs Activestate Perl and has quite a lot of custom configuration so, as a stop gap, it would have made sense to try and tweak the existing setup. It's going to be a pretty big job to re-establish the platform as you suggest though I think that might be the only option.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If I'm invoking the shell, wouldn't it be just as simple to use one of the several cURL.exe variants available?
It's possible. It depends on your actual architecture - I didn't want to assume anything.
ASKER
It's running on top of Windows 7 64 Bit Professional, I've used shell to zip things before so I think we should be good - thanks, I just needed a prompt!
It sounds like you might be using XAMPP for a production environment, though, and I'd STRONGLY recommend that you don't do that. In my opinion, XAMPP (and most other all-in-one installers) are designed to be development platforms. They come with lots of debugging tools and extensions, which can introduce risk in your production environment.
My personal recommendation is:
1. Ensure you have downloaded the "VC15 x64 Thread Safe" build of PHP 7.2.6:
https://windows.php.net/download#php-7.2
2. Download Apache 2.4.x Win64 from ApacheLounge:
https://www.apachelounge.com/download/
3. Unzip PHP and Apache into a structure like this:
C:\WAMP\Apache246
C:\WAMP\PHP726
4. Copy over your php.ini from XAMPP into the new PHP 7.2.6 folder, and update any paths and extensions in that ini file (e.g. mcrypt extension is deprecrated in favor of openssl, mysql extension is deprecated in favor of mysqli, etc...)
5. Convert your existing Apache configuration from XAMPP to your new Apache installation. Usually I just:
- Copy over the VirtualHost entries
- Enable any mods (e.g. mod_rewrite) that were on the old installation
- Copy over any SSL setup
- Add the PHP handler configuration for PHP 7.2.6 (php7apache_2_4.dll)
- Set up using port 8080 and 8443 (8443 if SSL is enabled)
- Test the configuration (apachectl -t on the command line)
- Set it up as a Windows service (apachectl -k install on the command line)
That should put you on a basic working setup with all the new versions, including all the latest SSL capabilities.