Problems with OpenSSL and Curl

[mcpacific]

I recently moved to a new server. After using Easy Apache 3 to compile php, etc. I get the following warning in a security checkup for software I use:

Secure TLS Support in cURL
cURL reports that it does not support Secure TLS 1.1 and 1.2. Make sure an SSL library that support TLS 1.1 and 1.2 is installed and supported by cURL.

When I view phpinfo() I see that OpenSSL shows OpenSSL/1.0.0, even though when I rpm -qa | grep openssl I get

openssl-1.0.1e-42.el6_7.4.x86_64
openssl-devel-1.0.1e-42.el6_7.4.x86_64

yum update openssl reports "No packages marked for Update"

Similarly, when I rpm -qa | grep curl I get

python-pycurl-7.19.0-8.el6.x86_64
curl-7.19.7-46.el6.x86_64
libcurl-7.19.7-46.el6.x86_64

and yum update curl gives "No packages marked for Update"

I just tried rebuilding my profile in Easy Apache 3 and I got a build failure.

 

[mcpacific]

I should add the report after Easy Apache 3 build fails:

!!
Here are some details that may be helpful: !! '/opt/pcre' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/pcre' so that it will be rebuilt fresh. !! !! '/opt/xml2/' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/xml2/' so that it will be rebuilt fresh. !! !! '/opt/lua/' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/lua/' so that it will be rebuilt fresh. !! !! '/opt/pcre' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/pcre' so that it will be rebuilt fresh. !! !! '/opt/curlssl/' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/curlssl/' so that it will be rebuilt fresh. !! !! '/opt/curlssl/' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/curlssl/' so that it will be rebuilt fresh. !! !! '/opt/php_with_imap_client/' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/php_with_imap_client/' so that it will be rebuilt fresh. !! !! '/opt/libmcrypt/' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/libmcrypt/' so that it will be rebuilt fresh. !! !! '/opt/xml2/' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/xml2/' so that it will be rebuilt fresh. !! !! '/opt/pcre' is up to date but looks like it has local modifications. If you experience any trouble remove '/opt/pcre' so that it will be rebuilt fresh. !! !!

 

[cPanelMichael]

Hello,

Could you try moving those directories out of /opt and then rebuilding Apache via EasyApache to see if the issue persists? Here's an example, but you should do this for all of the directories listed in the output from your last response:

mkdir /root/old-opt
mv /opt/curlssl /root/old-opt/

Thank you.

 

[supportmwm]

Hi @cPanelMichael

I have run into the same problem as above user - my curl version of OS (Centos 6.8) shows latest version of OpenSSL however the php compiled version of curl shows openssl 1.0.0 - although I am not getting any errors while running easyapache3. Do you know if above method would resolve issue in this case?

Thanks

 

[cPanelMichael]

Hi @cPanelMichael

I have run into the same problem as above user - my curl version of OS (Centos 6.8) shows latest version of OpenSSL however the php compiled version of curl shows openssl 1.0.0 - although I am not getting any errors while running easyapache3. Do you know if above method would resolve issue in this case?

Thanks

You could utilize a custom cURL version compiled against the system's OpenSSL version on EasyApache 3 using the instructions on the following thread:

cURL with AsynchDNS

Thank you.