1
votes

I've been searching online but most of the info I'm finding is not related to PHP on Windows servers.

TL;DR - for PHP on Windows, what versions of PHP support TLS 1.2 and are there any additional requirements? (version of openssl?)

What I'm trying to find out is relating to PCI and requirements for web sites to start using only TLS to connect to services like PayPal, Authorize.NET.

Obviously the Windows server itself has to have TLS 1.2 enabled (and the older TLS/SSL disabled) which means Server 2008 R2 and higher, but I don't know what is required in terms of PHP.

References online also mention OpenSSL that might be a factor for which TLS version is supported. Some articles online say that Windows doesn't have openssl installed by default, but a phpinfo shows me that openssl is being used (SSL Version OpenSSL/0.9.8y).

Note: This question was asked from https://www.experts-exchange.com/questions/28930112/PHP-on-Windows-supported-TLS-versions.html. I just happened to have the exact same question.

1
first google hit seems to answer this: blogs.msdn.microsoft.com/kaushal/2011/10/02/… - user9487972
PHP is build-time agnostic to the openssl version being used: secure.php.net/manual/en/openssl.installation.php -- As for TLS1.2 support see When was TLS 1.2 support added to OpenSSL? - mario
Most Windows users are likely to download their builds from windows.php.net, and do not build it themselves. Therefore the question is probably in relation to those builds, for which the OpenSSL version is known (though not, as far as I can see, documented). - HappyDog

1 Answer

0
votes

The linked-to question on Experts Exchange also seems to provide an answer:

it looks like openssl 1.0.1 is needed for TLS 1.2 in PHP, and in Windows it looks like this is compiled in PHP 5.5 and higher

That matches with my experience of the builds downloaded from windows.php.net, though I haven't done an in-depth test of specific minor versions.

Note that support is based on the version of OpenSSL that PHP (or the PHP curl extension) was built with and is not affected by the libraries used by Windows itself. Therefore running PHP 5.3 (for example) on a version of Windows that supports TLS 1.2 will not give you TLS 1.2 support in PHP.

Obviously, if you were to compile your own version of PHP from source, then the answer would depend on what versions of the OpenSSL and cURL libraries you use when you perform the build, and in that context there is no inherent link between PHP versions and TLS 1.2 support.

However, using the pre-built binaries from windows.php.net, PHP 5.5 is the minimum requirement.
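
One way to check a given install against the OpenSSL 1.0.1 threshold quoted in the answer above, reading the OpenSSL version from the openssl and curl extensions. This is an added example, not part of the original question or answer; the function names are hypothetical and the last entry is a constructed sample using the version string from the question.

```php
<?php
// Added example: report whether the OpenSSL that PHP and its curl extension
// were built with meets the 1.0.1 minimum the answer gives for TLS 1.2.
// Avoids newer syntax so it also runs on the old PHP builds being audited.

// Pull "0.9.8" out of strings such as "OpenSSL/0.9.8y" (curl_version) or
// "OpenSSL 1.0.1e 11 Feb 2013" (OPENSSL_VERSION_TEXT).
// Returns null when the string does not name OpenSSL.
function openssl_numeric_version($text)
{
    if (preg_match('~OpenSSL[/ ](\d+\.\d+\.\d+)~i', $text, $m)) {
        return $m[1];
    }
    return null;
}

// true / false when the version is known, null when it cannot be determined.
function supports_tls12($text)
{
    $version = openssl_numeric_version($text);
    if ($version === null) {
        return null;
    }
    return version_compare($version, '1.0.1', '>=');
}

$checks = array();
if (defined('OPENSSL_VERSION_TEXT')) {
    $checks['openssl extension'] = OPENSSL_VERSION_TEXT;
}
if (function_exists('curl_version')) {
    $info = curl_version();
    $checks['curl extension'] = $info['ssl_version'];
}
// Constructed sample: the string the question reports from phpinfo().
$checks['sample (constructed)'] = 'OpenSSL/0.9.8y';

echo 'PHP ' . PHP_VERSION . PHP_EOL;
foreach ($checks as $label => $text) {
    $result = supports_tls12($text);
    $verdict = $result === null ? 'unknown (not an OpenSSL version string)'
             : ($result ? 'TLS 1.2 capable' : 'too old for TLS 1.2');
    echo $label . ': ' . $text . ' -> ' . $verdict . PHP_EOL;
}
```

The openssl and curl extensions are reported separately because either one can be missing from a given install, and the curl extension is what most payment-gateway client code connects through.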