Home » Php » The openssl extension is required for SSL/TLS protection

The openssl extension is required for SSL/TLS protection

Posted by: admin November 30, 2017 Leave a comment

composer create-project flarum/flarum . --stability=beta

I try to run this command, but it gave me this error.

  The openssl extension is required for SSL/TLS protection but is not availab  
  le. If you can not enable the openssl extension, you can disable this error  
  , at your own risk, by setting the 'disable-tls' option to true.  

I tried to add “extension=php_openssl.dll” to “php.ini”, but it still got this error


The same error ocurred to me. I fixed it by turning off TLS for Composer, it’s not safe but I assumed the risk on my develop machine.

try this:

composer config -g -- disable-tls true

and re-run your Composer. It works to me!

But it’s unsecure and not recommended for your Server. The oficial website says:

If set to true all HTTPS URLs will be tried with HTTP instead and no network level encryption is performed. Enabling this is a security risk and is NOT recommended. The better way is to enable the php_openssl extension in php.ini.

If you don’t want to enable unsecure layer in your machine/server, then setup your php to enable openssl and it also works. Make sure the PHP Openssl extension has be installed and enable it on php.ini file.

To enable OpenSSL, add or find and uncomment this line on your php.ini file:





And reload your php-fpm / web-server if needed!


according to the composer reference there are two relevant options: disable-tls and secure-http.

nano ~/.composer/config.json

    "config": {
        "disable-tls": true,
        "secure-http": false

then it complains much:

You are running Composer with SSL/TLS protection disabled.
Warning: Accessing getcomposer.org over http which is an insecure protocol.

but it performs the composer selfupdate (or whatever).

while one cannot simply “enable SSL in the php.ini” on Linux; PHP needs to be compiled with openSSL configured as shared library – in order to be able to access it from the PHP CLI SAPI.


I had the exact same problem and couldn’t find a solution, so after thinking and looking for a while I figured that my PHP.INI apparently didn’t look in the correct directory for my PHP Extensions, so I went under:

“Directory in which the loadable extensions (modules) reside.”
And found the following:

; http://php.net/extension-dir
; extension_dir = "./"
; On windows:
;extension_dir = "ext"

And simply removed the ; infront of “extension_dir = “ext”, note this is only for Windows, remove the semicolon in front of the first extension_dir if you are running a different operating system.

I have no idea why mine wasn’t already unmarked, but it’s just something to look for if you are having problems.


To enable openssl go into php.ini and enable this line:


if you don’t want enable openssl you can set to composer not use openssl with this command:

composer config -g -- disable-tls true

however, this is a security problem.


This issue occurs due to openssl and extension director so uncomment below extensions in php.ini file

extension_dir = "ext"

Its works on my machine.