The openssl extension is required for SSL/TLS protection

composer create-project flarum/flarum . --stability=beta

I try to run this command, but it gave me this error.

  [RuntimeException]                                                           
  The openssl extension is required for SSL/TLS protection but is not availab  
  le. If you can not enable the openssl extension, you can disable this error  
  , at your own risk, by setting the 'disable-tls' option to true.  

I tried to add "extension=php_openssl.dll" to "php.ini", but it still got this error


The same error occurred to me. I fixed it by turning off TLS for Composer, it's not safe but I assumed the risk on my develop machine.

try this:

composer config -g -- disable-tls true

and re-run your Composer. It works to me!

But it's unsecure and not recommended for your Server. The official website says:

If set to true all HTTPS URLs will be tried with HTTP instead and no network-level encryption is performed. Enabling this is a security risk and is NOT recommended. The better way is to enable the php_openssl extension in php.ini.

If you don't want to enable unsecure layer in your machine/server, then setup your php to enable openssl and it also works. Make sure the PHP Openssl extension has been installed and enable it on php.ini file.


To enable OpenSSL, add or find and uncomment this line on your php.ini file:

Linux/OSx:

extension=php_openssl.so

Windows:

extension=php_openssl.dll

And reload your php-fpm / web-server if needed!

UPDATE:

As of PHP 7.4 the extension is named extension=openssl (known for Windows).


According to the composer reference there are two relevant options: disable-tls and secure-http, which one can use. Just edit the configuration with: nano ~/.composer/config.json:

{
    "config": {
        "disable-tls": true,
        "secure-http": false
    }
}

Then it will complain about:

You are running Composer with SSL/TLS protection disabled.
Warning: Accessing getcomposer.org over http which is an insecure protocol.

But it performs the composer selfupdate (or whatever command).

One cannot simply "enable SSL in the php.ini" on Linux; PHP needs to be compiled with openSSL configured as shared library - in order to be able to access it from the PHP CLI SAPI.


I had the exact same problem and couldn't find a solution, so after thinking and looking for a while I figured that my PHP.INI apparently didn't look in the correct directory for my PHP Extensions, so I went under:

"Directory in which the loadable extensions (modules) reside." And found the following:

; http://php.net/extension-dir
; extension_dir = "./"
; On windows:
;extension_dir = "ext"

And simply removed the ; infront of "extension_dir = "ext", note this is only for Windows, remove the semicolon in front of the first extension_dir if you are running a different operating system.

I have no idea why mine wasn't already unmarked, but it's just something to look for if you are having problems.


This issue occurs due to openssl and extension directory so uncomment below extensions in php.ini file

extension=php_openssl.dll

extension_dir = "ext"

Its works on my machine.