Technical Bulletin
The Magento software and component repository, repo.magento.com
, recently started requiring Transport Layer Security (TLS) 1.1 or later.
The PCI Security Standards Council} removed SSL/TLS 1.0 as an example of strong cryptography from the PCI Data Security Standard (PCI DSS) version 3.1, stating that it can no longer be used as a security control after June 30, 2016.
For details, see Date Change for Migrating from SSL and Early TLS.
Symptoms
If you have an earlier version of TLS, you’ll see the errors discussed in this section.
Downloading a Magento metapackage
The following error displays if you attempt to run composer create-project
to get a Magento metapackage:
1
2
3
[Composer\Downloader\TransportException]
The "https://repo.magento.com/packages.json" file could not be downloaded: Failed to enable crypto
failed to open stream: operation failed
Using the Web Setup Wizard
Actions like saving your authentication credentials or synchronizing with Magento Marketplace fail with the following error:
Solution
The solution to this issue depends on how your operating system packages TLS. See one of the following sections for more information:
Ubuntu
Make sure you’re using libcurl
. libcurl
versions 7.34 or later; these versions use TLS 1.2 by default.
To determine your libcurl
version, enter the following command:
1
curl --version
CentOS
The source of the issue is that the libcurl
library packaged with CentOS 6.6 and earlier use TLS 1.1 or earlier by default.
To determine the version of CentOS your server runs, enter the following command:
1
cat /etc/*release*
If you’re already running CentOS 6.8 or later, no action is necessary. According to the CentOS 6.8 changelog, “various applications now support TLS 1.2, i.e. OpenLDAP, yum, stunnel, vsftpd, git, postfix and others. Also TLS 1.2 has been enabled by default in various packages”.
(CentOS 7 has a newer version of libcurl
that also defaults to TLS 1.2.)
Mac OS
Recent updates to the OS X liip package should resolve the issue.