
I need to be able to use TLS 1.3 via Guzzle (as the endpoint only supports 1.3).

The problem I'm finding is that it goes against CentOS 7 to upgrade to a high enough version of libcurl to get TLS 1.3 - which would be a bad idea for the stability of CentOS.

I was wondering if there's any way to get Guzzle to understand TLS 1.3 other than by updating libcurl.

I thought maybe using a Stream Handler in Guzzle, but I'm not sure if this would add support.

Any ideas?

jdawg

1 Answer


According to https://access.redhat.com/solutions/4615861 (Is it possible to have TLS 1.3 support on RHEL 7 and earlier versions?) the answer is "No".

Resolution

The latest version available of openssl for RHEL 7 is 1.0.2k-fips, which has no support for TLS 1.3. There is currently no plan to implement TLS 1.3 support for RHEL 7 and earlier versions. Red Hat recommends to upgrade to RHEL 8 for TLS 1.3 support.

Even newer IUS PHP versions are still limited to TLS 1.2. https://rpms.remirepo.net/wizard/ has modern PHP packages but I think they are still linked to OpenSSL 1.0.2 and/or older libcurl versions (but I am not sure so I'd encourage you to try those packages).

If absolutely necessary, it is possible to build & install current versions of OpenSSL yourself, and compile modern versions of libcurl and PHP using this OpenSSL build. The problem with doing it this way is that updates are 100% on you to do, as they will not be provided automatically by your package manager.

I haven't looked at the internals of Guzzle, but even if it were possible to add some kind of PHP stream handler to do TLS 1.3, implementing TLS in PHP seems like a bad idea. Guzzle generally relies on curl for making the actual requests and dealing with the TLS layer, so you would also probably have to give up using the curl wrapper and have more native PHP code dealing with requests.

drew010
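
As an added example (not part of the answer above and not Guzzle's own code): a PHP diagnostic that reports whether the libraries this PHP build is linked against can negotiate TLS 1.3, both for Guzzle's curl handler and for its stream handler, which goes through PHP's OpenSSL extension. The function names and the version thresholds (OpenSSL 1.1.1, libcurl 7.52.0) are assumptions of this example and do not come from the page.

```php
<?php
// Added example. Assumed thresholds: OpenSSL supports TLS 1.3 from 1.1.1;
// libcurl exposes its TLS 1.3 option from 7.52.0.

/** Pull "1.0.2k" out of "OpenSSL/1.0.2k-fips" or "OpenSSL 1.1.1k  FIPS ...". */
function opensslVersion(string $text): ?string
{
    return preg_match('~OpenSSL[/ ](\d+\.\d+\.\d+[a-z]*)~i', $text, $m) ? $m[1] : null;
}

/** True when the numeric part of the version is 1.1.1 or later (3.x included). */
function opensslHasTls13(?string $version): bool
{
    return $version !== null
        && version_compare(preg_replace('~[a-z]+$~i', '', $version), '1.1.1', '>=');
}

/** Report TLS 1.3 capability of the two transports Guzzle can use. */
function tls13Report(): array
{
    $report = ['curl_handler' => false, 'stream_handler' => false, 'details' => []];

    if (function_exists('curl_version')) {
        $cv = curl_version();
        $report['details']['libcurl'] = $cv['version'];
        $report['details']['curl_tls_backend'] = $cv['ssl_version'];
        // A non-OpenSSL backend (e.g. NSS) is listed in details and left as
        // "not confirmed" (false) rather than guessed at.
        $report['curl_handler'] = defined('CURL_SSLVERSION_TLSv1_3')
            && version_compare($cv['version'], '7.52.0', '>=')
            && opensslHasTls13(opensslVersion($cv['ssl_version']));
    }

    if (defined('OPENSSL_VERSION_TEXT')) {
        // PHP streams (Guzzle's StreamHandler) use ext-openssl, not libcurl.
        $report['details']['php_openssl'] = OPENSSL_VERSION_TEXT;
        $report['stream_handler'] = defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')
            && opensslHasTls13(opensslVersion(OPENSSL_VERSION_TEXT));
    }
    return $report;
}

print_r(tls13Report());
// Constructed input: the OpenSSL version string quoted in the answer above.
var_dump(opensslHasTls13(opensslVersion('OpenSSL 1.0.2k-fips')));
```

Run it with the same PHP SAPI that serves the application (CLI and FPM builds can be linked against different libraries).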