composer: Unable to run composer update due to SSL23_GET_SERVER_HELLO:unknown protocol error

As of today I have troubles updating my dependencies with version 01a9c3a0ce21ce4a4ff9d7328eaeb871e7c2ca1b.

  [Composer\Downloader\TransportException]                                                                                       
  The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:  
  error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol                                                            
  Failed to enable crypto                                                                                                        
  failed to open stream: operation failed

I have reinstalled composer mutliple times and tried setting the:

wget https://curl.haxx.se/ca/cacert.pem
curl -sS https://getcomposer.org/installer | php -- --cafile=cacert.pem

When running diagnose I get:

./composer diagnose
Checking platform settings: FAIL
The xdebug extension is loaded, this can slow down Composer a little.
 Disabling it when using Composer is recommended.
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: FAIL
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Failed to enable crypto
failed to open stream: operation failed
Checking HTTP proxy: FAIL
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Failed to enable crypto
failed to open stream: operation failed
Checking HTTP proxy support for request_fulluri: OK
Checking HTTPS proxy support for request_fulluri: FAIL
Unable to assess the situation, maybe github is down (The "https://api.github.com/repos/Seldaek/jsonlint/zipball/1.0.0" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Failed to enable crypto
failed to open stream: operation failed)
Checking github.com rate limit: FAIL
[Composer\Downloader\TransportException] The "https://api.github.com/rate_limit" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Failed to enable crypto
failed to open stream: operation failed
Checking disk free space: OK
Checking composer version: 

  [Composer\Downloader\TransportException]                                                                                       
  The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:  
  error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol                                                            
  Failed to enable crypto                                                                                                        
  failed to open stream: operation failed

What I find pretty peculiar is that I can access the errorneous requests via:

$ http https://getcomposer.org/version
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 41
Content-Type: application/octet-stream
Date: Fri, 03 Jul 2015 13:51:44 GMT
ETag: "559690b7-29"
Last-Modified: Fri, 03 Jul 2015 13:40:07 GMT
Server: nginx

01a9c3a0ce21ce4a4ff9d7328eaeb871e7c2ca1b

So I am really confused what problem composer is having here.

About this issue

Original URL
State: closed
Created 9 years ago
Comments: 30 (3 by maintainers)

Most upvoted comments

Due to Permission issue, i tried with SUDO it works for me

sudo php composer-setup.php

+15

jafartke on May 19, 2017

Confirming that unsetting https_proxy permits composer update.

hazcod on Aug 28, 2015

Simply add this configuration to your composer.json file.

“config”: { “secure-http”: false }

leonhoffmann86 on Sep 3, 2019

excelent, unset https_proxy worked for me… to check your https_proxy, just run this command, “echo $https_proxy”

andangr on Dec 15, 2016

As an Update this has been sorted by removing https_proxy variables (?!)

Currently I’ve got only http_proxy and HTTP_PROXY system variables set through “export” in my .bashrc (Windows 7)

newairhost on Jul 20, 2015

Perfect, unset https_proxy also worked for me, thanks alot.

AdiechaHK on Feb 3, 2017

This is not a proxy issue. If you are working behind a proxy, you are likely to be required to use https_proxy=x.x.x.x:8080. If you don’t work behind a proxy, you don’t need it of course!

Importing root certificates from an unencrypted source / without transport security like http://curl.haxx.se/ca/cacert.pem is really not a clever idea. Someone might already have compromised your server. Use the origin with transport security instead: https://curl.haxx.se/ca/cacert.pem

Either way, we shouldn’t alter the composer.phar locally. A fix should be committed instead.

flowl on Jul 12, 2016

As a workaround I was able to add in my composer.json:

    "repositories": [
        {
            "type": "composer",
            "url": "http://packagist.org"
        },
        ...

k0pernikus on Jul 3, 2015

@saatchimatt good point as of today, but some time ago there were no HSTS headers and redirects on that domain.

Just found this on their site:

January 29 2016 - The curl web site is now served over HTTPS and with HTTP/2 - with certificates from Let’s Encrypt. Starting February 3, the curl site automatically redirects all http accesses to its https version. No more HTTP accesses to contents.

flowl on Nov 30, 2016

Check that your https_proxy is not equal to https://yourproxy.com or something like this.

maiksuaco on May 6, 2016