Unable to run composer update due to SSL23_GET_SERVER_HELLO:unknown protocol error

[k0pernikus]

As of today I have troubles updating my dependencies with version 01a9c3a0ce21ce4a4ff9d7328eaeb871e7c2ca1b.

  [Composer\Downloader\TransportException]                                                                                       
  The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:  
  error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol                                                            
  Failed to enable crypto                                                                                                        
  failed to open stream: operation failed       

I have reinstalled composer mutliple times and tried setting the:

wget https://curl.haxx.se/ca/cacert.pem
curl -sS https://getcomposer.org/installer | php -- --cafile=cacert.pem

When running diagnose I get:

./composer diagnose
Checking platform settings: FAIL
The xdebug extension is loaded, this can slow down Composer a little.
 Disabling it when using Composer is recommended.
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: FAIL
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Failed to enable crypto
failed to open stream: operation failed
Checking HTTP proxy: FAIL
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Failed to enable crypto
failed to open stream: operation failed
Checking HTTP proxy support for request_fulluri: OK
Checking HTTPS proxy support for request_fulluri: FAIL
Unable to assess the situation, maybe github is down (The "https://api.github.com/repos/Seldaek/jsonlint/zipball/1.0.0" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Failed to enable crypto
failed to open stream: operation failed)
Checking github.com rate limit: FAIL
[Composer\Downloader\TransportException] The "https://api.github.com/rate_limit" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Failed to enable crypto
failed to open stream: operation failed
Checking disk free space: OK
Checking composer version: 

  [Composer\Downloader\TransportException]                                                                                       
  The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:  
  error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol                                                            
  Failed to enable crypto                                                                                                        
  failed to open stream: operation failed

What I find pretty peculiar is that I can access the errorneous requests via:

$ http https://getcomposer.org/version
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 41
Content-Type: application/octet-stream
Date: Fri, 03 Jul 2015 13:51:44 GMT
ETag: "559690b7-29"
Last-Modified: Fri, 03 Jul 2015 13:40:07 GMT
Server: nginx

01a9c3a0ce21ce4a4ff9d7328eaeb871e7c2ca1b

So I am really confused what problem composer is having here.

[k0pernikus]

As a workaround I was able to add in my composer.json:

    "repositories": [
        {
            "type": "composer",
            "url": "http://packagist.org"
        },
        ...

[k0pernikus]

Now, composer just runs fine again even with SSL connection on the machine in question.

Totally weird behavior. If somebody could please enlighten me what plausible causes might be, it would be highly appreciated.

[iamonuwa]

I am having similar issue... Please How do I resolve this???

[sbuzonas]

SSL23_GET_SERVER_HELLO:unknown protocol generally means that your client cannot understand the protocol being sent by the server in the SSL handshake, this is often due to dated SSL libraries.

[iamonuwa]

@slbmeh Please how do I correct the issue...

[newairhost]

I've got exactly the same issue. Unable to update/install from behind the corp proxy

The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
  error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
  Failed to enable crypto
  failed to open stream: operation failed

[newairhost]

As an Update this has been sorted by removing https_proxy variables (?!)

Currently I've got only http_proxy and HTTP_PROXY system variables set through "export" in my .bashrc (Windows 7)

[sbuzonas]

The command openssl ciphers will show you the default cipher list for openssl, nmap --script ssl-enum-ciphers -p 443 getcomposer.org will show you what ciphers are available to connect to getcomposer.org with.

[hazcod]

Confirming that unsetting https_proxy permits composer update.

[firdausshajahan]

I manage to solve by download a cacert.pem file. Here is the link that discuss about the error
http://stackoverflow.com/questions/27206719/composer-update-fails-while-updating-from-packagist

[rrosas]

Thanks @newairhost you save me a lot of trouble... unsetting https_proxy enables composer to work

[jmeickle]

I also have this problem when https_proxy is set.

[Seldaek]

Closing as I'm not sure what we can do.. seems to be broken proxies.

[SalvadorP]

@hazcod Solution worked for me, thanks.
Commenting or deleting https_proxy configuration also worked for me.

[maiksuaco]

Check that your https_proxy is not equal to https://yourproxy.com or something like this.

[AnnaFu]

where to find https_proxy?

[maiksuaco]

Run in console echo $https_proxy

[AnnaFu]

Hi @maiksuaco , I am using windows here. Do you mean to run it on cmd?

[maiksuaco]

Upss @AnnaFu windows i dont know but anyany try in verbose mode to see more description of your error...i dont if it helps but try it.

[flowl]

This is not a proxy issue.
If you are working behind a proxy, you are likely to be required to use https_proxy=x.x.x.x:8080. If you don't work behind a proxy, you don't need it of course!

Importing root certificates from an unencrypted source / without transport security like http://curl.haxx.se/ca/cacert.pem is really not a clever idea.
Someone might already have compromised your server.
Use the origin with transport security instead: https://curl.haxx.se/ca/cacert.pem

Either way, we shouldn't alter the composer.phar locally. A fix should be committed instead.

[ghost]

@flowl

While I generally agree with not using an unencrypted source, in the case of haxx.se, HSTS prevents any user from ever communicating with that name over an unencrypted channel. e.g.:

curl -s -D- https://curl.haxx.se/ | grep Strict
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

you'll see if you ever try to request anything from haxx.se over http, it will do a 307 redirect to https, so even using something like wifi pineapple wouldn't allow http MITM hijack

[flowl]

@saatchimatt good point as of today, but some time ago there were no HSTS headers and redirects on that domain.

Just found this on their site:

January 29 2016 - The curl web site is now served over HTTPS and with HTTP/2 - with certificates from Let's Encrypt. Starting February 3, the curl site automatically redirects all http accesses to its https version. No more HTTP accesses to contents.

[andangr]

excelent, unset https_proxy worked for me..
to check your https_proxy, just run this command, "echo $https_proxy"

[AdiechaHK]

Perfect, unset https_proxy also worked for me, thanks alot.

[jafartke]

Due to Permission issue, i tried with SUDO it works for me

sudo php composer-setup.php

[adam-gilman]

This worked for me:

wget https://curl.haxx.se/ca/cacert.pem
then
curl -sS https://getcomposer.org/installer | php -- --cafile=cacert.pem

[leonhoffmann86]

Simply add this configuration to your composer.json file.

"config": {
"secure-http": false
}

[shredder2003]

Downloading (failed) Failed to download friendsofphp/php-cs-fixer from dist: The "https://api.github.com/repos/FriendsOfPHP/PHP-CS-Fixer/zipball/ceaff36bee1ed3f1bbbedca36d2528c0826c336d" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
Failed to enable crypto
failed to open stream: operation failed
Now trying to download from source

doesnt work on Keenetic router and on QNAP NAS thru Entware.

[fuzzy76]

I'm on a server that require proxy to connect to the outside world. And still this worked:

https_proxy='' composer install

The only way I can see this makes sense is if it tricks composer into doing regular http for all requests. http_proxy is set to our company proxy.

[IvanAlekseevichPopov]

apt install ca-certificates worked for me in debian based container