I'm getting the following error from google:
Google has detected that your site is using an obsolete version of TLS (TLSv1).
My hosting providers say that it's not possible to update the version of TLS on the server as the server is running PHP 5.2.17 (due to it currently running an antique application).
The Apache version is 2.2.34.
Is it possible to update TLS whilst keeping this version of PHP?
What are the consequences of running TLS v1?
Related
I have a few apps running on XAMPP in Windows 7 and wanted to enable SSL so I have secured connection when accessing them through the internet.
Current state:
My apps are running on XAMPP as web server
My apps are running on Windows 7
We can access the app with this URL: http://subdomain.domain.com:8080/myapp/
While enabling SSL on XAMPP just made it enable locally (https://localhost:8080/myapp), I wanted to enable SSL publicly instead (https://subdomain.domain.com:8080/myapp)
So, how can I made it possible to enable SSL publicly even the app running in XAMPP?
Thank you
Here is a step by step solution for your case:
Create certificate
Config Apache to access https instead of http
Config mod rewrite to generate SSL url
Config Virtual host to test site
https://gist.github.com/nguyenanhtu/33aa7ffb6c36fdc110ea8624eeb51e69
We have a PHP web application using Algolia PHP Client version 1.17 on our server, in the backend. Algolia is soon deprecating TLS 1.0 and 1.1 entirely.
How do I know which TLS version the PHP backend is using to contact Algolia? Is this strictly a web server configuration issue or is an SDK upgrade required?
The Algolia PHP API Client v1 uses a cURL client for network requests, which picks up the default system SSL version and appropriately leverages the CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER options to enforce the security of the connection.
As long as you’re enforcing TLS 1.2 in your environment, you should be fine.
I recently disabled TLS 1.0 & TLS 1.1 on a web server, but it seems to have caused some issues with some of the PHP sites I'm running.
The error in question is: "[Microsoft][ODBC Driver 11 for SQL Server]Encryption not supported on the client." but I have other sites running on TLS 1.2 on the same server, I even have other PHP-based sites still able to connect to the database despite being earlier versions of PHP (5.3.28, which I think might've even been before TLS 1.2 support was added.. so not sure how they're still functional considering the server is now restricted to TLS 1.2 only).
Anyway, I've been troubleshooting this quite a while now, and would greatly appreciate any new ideas to try.
Additional Info:
Server: Windows Server 2012 R2 Standard (IIS 8)
PHP Version: 7.0.17
curl version: 7.47.1
SSL version: OpenSSL/1.0.2h
OPENSSL_VERSION_NUMBER: 1000208f
The same sites have been able to connect to the databases in the past, just apparently not through TLS 1.2
If I can provide any other info here that would be useful, just let me know and I'll update the thread.
Thanks.
For an SSL connection failure,you may have to look into both sides
(both the client and server side). Please check the sql server and
verify if it with the help of this article on TLS 1.2
Also for the ODBC driver as well,you have to make sure all the components are updated.Refer this msdn .
There is also this powershell script which can be executed to figure out which drivers needs to be updated.
I've put together a site utilising the Stripe payment system.
Upon making a test payment over HTTPS, I get the error:
Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later.
I've made sure all my versions of software are up to date:
PHP Version: 7.0.7
cUrl Version: 7.47.1
SSL Version: OpenSSL/1.0.2h
I've also tested my site itself on https://www.ssllabs.com/ssltest/analyze.html to make sure TLS 1.2 is enabled and functional on the server.
The only thing I can think is if there is possibly an issue with the certificate bundle I have registered in php.ini (CURL curl.cainfo setting), but since Stripe source has a "ca-certificates.crt" already included I wasn't sure if I even needed to set an entry for curl.cainfo in my php.ini file.
Any advice would be massively appreciated. If there is any additional information I can provide that might help, just let me know.
EDIT: Currently using Stripe's PHP Framework v4.1.1 (Latest)
The SSL cert you mentioned is used by your server to respond to incoming requests. What this means is that if I visit your website, as a customer, my browser (Chrome) will try to talk to your server over TLS 1.2 by default as it uses the most secure protocol first. Your server is apparently able to answer requests over TLS 1.2.
The issue we have right now is that when your server contacts Stripe's servers it negotiates TLS 1.0 by default instead of TLS 1.2. Since Stripe is going to deprecate requests made with TLS < 1.2 this means your requests will start failing next year if you don't upgrade.
What I'd recommend here is to talk with your webhost about this so that they can help you look into your setup and ensure that you do support TLS 1.2 requests from your server to Stripe's. Additionally, you can follow the steps outlined at https://support.stripe.com/questions/how-do-i-upgrade-my-stripe-integration-from-tls-1-0-to-tls-1-2 to ensure that your code libraries also support TLS 1.2.
This could also be caused by an outdated version of Stripe's PHP library. They released version 3.19.0 on Friday July 29th which corrected a bug that affected some setups which might explain why you're getting this error even if your host supports TLS 1.2. You may also try updating the Stripe PHP library that you are using to the current version to see if that solves your issue.
Problem was with my local issuer certificate, turns out I was on the right track.
Had to set a default value in my php.ini file for curl_cainfo and that fixed it.
Noob question (because I'm a noob when it comes to Web development). I'm not sure whether I should ask it here or at ServerFault.
I am developing an ASP.NET Web Service and a PHP Web site consuming the Web Service. They are meant to be run on different machines. However, only for development purposes, I need to run both on my machine. I cannot use virtual machines.
I would like to know if it is possible to configure IIS Apache to host both my Web Service and my Web site? Or, do I need to host the PHP site using Apache?
I am using
IIS 7.5 Apache HTTP Server 2.2 (NOTE: I have nothing against Apache. In fact, so far I like it more than IIS, however, I would rather not have two Web server applications installed in the same machine.)
PHP 5.3.4
.NET Framework 2.0 3.0 or 3.5 (whichever comes with Visual Studio 2008)
mod_aspdotnet for Apache 2.2
You can't. The best way is to setup apache and IIS on the same machine. Since it is dev you can just bind Apache to port 8080 or something. If you need them on separate IPs you need to make sure to change IIS to not bind to all addresses if you want to run both on port 80.
My setup is similar except in dev I bind apache to port 8080 and then on production we run servers with both IIS and Apache where unique IPs have to be binded to by each server.
For running them on binded ports, same ip (dev)
http://blogs.sitepoint.com/2010/07/13/run-apache-iis-same-time-1/
For running them on same machine binded to different IPs on port 80:
http://www.monochrome.co.uk/blog/2006/06/20/running-apache-and-iis-6-together-on-the-same-server
Apache can not host ASP.net websites. You will need to install IIS, which also works for PHP. You can get an all-in-one installer from Microsoft here: http://go.microsoft.com/?linkid=9722553
Apache does not officially support ASP, however, there are ports like Apache::ASP.
Please see the Apache Server FAQ
It is possible. Look at mod_aspdotnet project.
.NET and PHP files will be triggered by extensions and/or directories. Just set them up correctly in your httpd.conf
However, you will be working with older asp version. If you are on a Windows machine, the best course of action is to set up IIS and PHP.