The openssl extension is required for SSL/TLS protection
The same error occurred to me. I fixed it by turning off TLS for Composer, it's not safe but I assumed the risk on my develop machine.
try this:
composer config -g -- disable-tls true
and re-run your Composer. It works to me!
But it's unsecure and not recommended for your Server. The official website says:
If set to true all HTTPS URLs will be tried with HTTP instead and no network-level encryption is performed. Enabling this is a security risk and is NOT recommended. The better way is to enable the php_openssl extension in php.ini.
If you don't want to enable unsecure layer in your machine/server, then setup your php to enable openssl and it also works. Make sure the PHP Openssl extension has been installed and enable it on php.ini file.
To enable OpenSSL, add or find and uncomment this line on your php.ini file:
Linux/OSx:
extension=php_openssl.so
Windows:
extension=php_openssl.dll
And reload your php-fpm / web-server if needed!
UPDATE:
As of PHP 7.4 the extension is named extension=openssl
(known for Windows).
According to the composer reference there are two relevant options: disable-tls
and secure-http
, which one can use. Just edit the configuration with: nano ~/.composer/config.json
:
{
"config": {
"disable-tls": true,
"secure-http": false
}
}
Then it will complain about:
You are running Composer with SSL/TLS protection disabled.
Warning: Accessing getcomposer.org over http which is an insecure protocol.
But it performs the composer selfupdate
(or whatever command).
One cannot simply "enable SSL in the php.ini" on Linux; PHP needs to be compiled with openSSL configured as shared
library - in order to be able to access it from the PHP CLI SAPI.