Magento Connect returns Unknown SSL protocol error in connection to connect20.magentocommerce.com


N.B.: This is an expert article! Please contact a Magento developer to fix this issue if you are not experienced or not comfortable with code changes in Magento.

Why do I see this error?

If you receive this error, you are using an older Magento version that is having a hard time connecting over TLS to the Magento Connect store.

Magento recently changed the SSL settings for their web servers that are serving Magento Connect.
As some older Magento versions use older hardcoded SSL protocols in the downloader code, these installations are not able to connect using the old settings anymore.

Is Hypernode using an old OpenSSL version?

Magento advises in some threads on their forum that this is caused by an outdated version of OpenSSL or cURL. While an outdated version can cause this as well, it is not the case here.

OpenSSL versions older than 1.0.1-stable do not support TLS1.1 and TLS1.2 connections, so if you are using an older version of OpenSSL, upgrading could help. As we are using OpenSSL 1.0.2 (you can verify this by running openssl version on the Hypernode), this is not the cause of the issue in this situation.

We use the newest OpenSSL available for our operating system and build our PHP versions soon after the release upstream, but due to the changed settings on the Magento Connect store not being compatible with the hardcoded SSL versions in Magento, you are still experiencing this error.

How can I fix this error?

This error can be fixed by updating to the latest release of your Magento version, but while trying to update you will likely run into this issue (again).
Instead, you can easily change the SSL behaviour of cURL in the downloader directory.

To do so, start up your editor and open /data/web/public/downloader/lib/Mage/HTTP/Client/Curl.php

Now on line 383, change:

$this->curlOption(CURLOPT_SSLVERSION, 1);

To:

// Change Curl settings to TLS 1.2 due to deprecation of ssl protocols on magentocommerce.com
// $this->curlOption(CURLOPT_SSLVERSION, 1);

$this->curlOption(CURLOPT_SSLVERSION, 6);

This will change the SSL protocol cURL uses when downloading extensions to TLS1.2, which should suffice.

More information about this error can be found here

Extra for non Hypernode users: Run the TLS test by PayPal to check whether your PHP-cURL and OpenSSL version are modern enough to support TLS connections.

PayPal provides an easy test URL that you can use to validate whether your local cURL and OpenSSL settings are new enough to support TLS versions 1.0, 1.1 and 1.2.

This can be done using the following snippet:

Save this as ssltest.php and run it through a browser or by running php -f ssltest.php

This should return PayPal_Connection_OK 3 times when a valid encrypted connection using TLS1.0, TLS1.1 and TLS1.2 can be established to PayPal using php-curl and openssl.
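
A comparable probe, as an added example that is not this article's original snippet: it forces php-curl to offer one TLS version at a time against a host given on the command line and reports which handshakes succeed, generalizing the check to any HTTPS endpoint. The file name tlsprobe.php, the function probe_tls and the default host (taken from the error message) are assumptions; PHP 7.1 or newer is assumed.

```php
<?php
// Added example: probe which TLS versions the local php-curl/OpenSSL stack can negotiate.
// Usage: php -f tlsprobe.php [host]   (file name and default host are assumptions)

// Label => [minimum-version constant, name of the matching MAX constant].
// CURL_SSLVERSION_TLSv1_2 is the integer 6 that the Curl.php change above sets.
$versions = [
    'TLS1.0' => [CURL_SSLVERSION_TLSv1_0, 'CURL_SSLVERSION_MAX_TLSv1_0'],
    'TLS1.1' => [CURL_SSLVERSION_TLSv1_1, 'CURL_SSLVERSION_MAX_TLSv1_1'],
    'TLS1.2' => [CURL_SSLVERSION_TLSv1_2, 'CURL_SSLVERSION_MAX_TLSv1_2'],
];

function probe_tls(string $host, int $min, string $maxName): array
{
    // Newer libcurl treats the value as a minimum version. OR in the MAX flag
    // (when this PHP build defines it) so exactly one protocol version is offered.
    $opt = defined($maxName) ? ($min | constant($maxName)) : $min;

    $ch = curl_init("https://{$host}/");
    curl_setopt_array($ch, [
        CURLOPT_SSLVERSION     => $opt,
        CURLOPT_NOBODY         => true,  // only the handshake matters, skip the body
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_SSL_VERIFYPEER => true,  // keep certificate verification on
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    curl_exec($ch);
    return ['errno' => curl_errno($ch), 'error' => curl_error($ch)];
}

$host = $argv[1] ?? 'connect20.magentocommerce.com';
$info = curl_version();
printf("libcurl %s, %s\n", $info['version'], $info['ssl_version']);

foreach ($versions as $label => [$min, $maxName]) {
    $r = probe_tls($host, $min, $maxName);
    $status = $r['errno'] === 0 ? 'OK' : "FAILED ({$r['errno']}): {$r['error']}";
    printf("%-7s %s\n", $label, $status);
}
```

A FAILED line for TLS1.0 or TLS1.1 alongside OK for TLS1.2 means the server has retired the older protocols, not that the local stack is broken.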
