How to upgrade cURL in Centos6?

January 15, 2016 19.3k views
Networking System Tools CentOS

All my droplets run Centos 6, and I use cURL quite widely. However, as I'm updating servers to use HTTPS (and, more importantly, restricting to TLSv1) I've hit a problem - the version of cURL installed on them all is prehistoric; it's so old it doesn't recognise TLSv1.

From comments on fora, this seems to be common, but a solution isn't. Yum refuses to see a problem as there evidently isn't a distro in any of the standard repos more modern that v7.19.7. Attempting to upgrade directly with RPM by pulling down a file from e.g. the city-fan repo fails as it triggers a wave of dependency issues that I'm afraid I have no idea how to solve.

It seems bizarre that there isn't a Yum repo somewhere which has rolled up a more modern distro with all its dependencies, given how critical SSL security has become to almost all websites and how popular Centos6/RHEL is, but I'm buggered if I can find one.

Does anyone know of a suitable repo? If not, can anyone point me towards any decent advice on solving all the dependency problems (everything I've googled seems to end with "...and now rebuild cURL" :/)


    Surprised there haven't been any responses, as this is a major issue which will, sooner rather than later, bite everyone running a CentOS 6 webserver.

    OK, solution is to found after all in the city-fan repo after all, I had just been a bit more of an idiot than usual when trying to use it earlier... Another point to note is that the University of Seville mirror is a LOT faster and more available than city-fan itself, which is apparently run off somebody's home ADSL line!

    EITHER add the repo setup file manually e.g.

    rpm -Uvh

    (adjusting for your architecture and the release number, if there is a later one)

    OR (better solution) add a new text file called /etc/yum.repos.d/city-fan.repo containing

    name=City Fan Repo

    Either way, you should then be good to go :

    yum clean all
    yum install libcurl 

    should update cURL to a (very) recent openSSL-based version (7.46.0 at the time of writing), which will resolve the "unknown protocol" errors for TLSv1 etc.

    You may want to then remove/rename the city-fan.repo file if you want to prevent yum later also updating other packages you may have installed with "non-official" later versions.

    Hope this helps others who will come in search of the same answers. This is a huge oops by Redhat IMHO - I have no idea why something which has become so crucial to website operation isn't now included in the official repo.

  • Oh my actual.

    I thought you'd like to know that days and days ( literally ) of troubleshooting the strangest issues affecting my use of the WPMU Membership 2 Pro plugin preventing payments to be validated using PayPals IPN validating service, but only for some accounts and not others, only to find the distinguishing feature was the PayPal server that they are hosted on, and the fact that some of those servers had been updated to take note of recent security changes [](http://). I finally found that my version of libcurl was so outdated it that it was causing issues using these new security protocols.

    5mins after arriving on this post, fixed.

    I expect you'll see some more traffic and comments here as PayPal roll out these updates and software developers currently using http start moving to https.

  • Great to hear it was helpful. Yep, this is one that's going to run and run, I think.

  • I've run in to this issue too. Our webservers are running CentOS 6 and we've started to have issues using cURL to connect to services requiring TLS.

    Of course yum reports I'm using the latest version for my distro. I reached out to Rackspace as part of our managed service level and was met with a resounding "not supported" and linked to the main cURL page.

    After looking on there and various SO questions I soon realised I'd opened up a can of worms. The general gist seems to be that libcurl is so deeply embedded in to the system that upgrading it could break everything. The main cURL page hints at resolving these issues by installing a bunch of other libs to get around this, but I didn't understand it:

    "The version of curl and libcurl here provides, whereas many distributions include a version of curl that provides or This means that installing the curl and libcurl packages from this repository can break a lot of dependencies for applications linked against the older libcurl. This problem can be avoided by also installing the libcurl7155 (for and/or libcurl7112 (for packages, for backwards compatibility"

    I can't quite believe how difficult it is to upgrade this but am relieved to find this page after a lot of searching.

    Will the instructions provided here break applications requiring older versions of libcurl? Will it all "just work" when I do this?

    Thanks for your help and for this page!

  • Will the instructions provided here break applications requiring older versions of libcurl? Will it all "just work" when I do this?

    Now that's a question I'm afraid I can't answer - I'm not enough of a linux guru to comment usefully on that one. What you've turned up about cURL versions issues is really useful; at least if anything does break it looks like installing the versions of cURL mentioned will maintain the dependencies. It's also news to me, I'm afraid I just trusted to the powers of yum and went ahead and upgraded it!

    All I can say is that nothing seems to have broken on any of the half-dozen servers I've applied this to; they're all running asimilar load-out though (Apache, PHP 5.5, MySQL v5.5). A couple are also running BIND, Exim etc, and one of local machines is hosting VirtualBox VMs, and everything seems OK.

    I suspect that so long as you're running current versions of everything, they'll use/support the newer cURL libraries. I'd think you'd only run into broken dependency issues is you are still running old software which still has those old dependencies?

    I guess as ever experiment is required - spin up a test server with an image of a working system, apply the update and see if there are any problems. At the end of the day, we don't really have any choice but to upgrade given the TLS issue, so if you do hit any problems they're going to have to be solved sometime anyway. Maybe this is an excuse to update any other old software you're still using too?

    Good luck, do please report back if you do hit any problems and how you resolve them.

  • Do you happen to know if the libraries that are suggested to maintain backwards compatibility were installed as part of the yum install you did?

    "libcurl7155 (for and/or libcurl7112 (for packages, for backwards compatibility"


    That page does have a suggested rpm install for the libraries (would need changing to match distro).

    What I'm wondering is, if yum installed them anyway, if I have to do it via yum will it try to downgrade cURL, do I have to go the rpm route.

    One thing's for sure, I won't be just doing it on a live system.

  • No, they didn't install as part of the update. I doubt installing them manually would impact on the update though, as they are just libraries - should have no impact on anything, other than to fix broken dependencies. Anyway you only need to install them if you find a broken dependency, which as I said I suspect is unlikely to happen anyway unless you are running some other piece of equally-obsolete software. I certainly haven;'t come across anything which needs them.

  • The packages we are using are all from the CentOS 6 official repos, apart from PHP which we've got from Webtatic for later versions. I have no idea if any of the packages require older versions of libcurl to be honest. I'm assuming if I upgrade cURL, it'll remove the old version and those libraries.

  • I reached out to Paul (the package maintainer) and he came back very quickly with some helpful info to confirm:

    First of all, the standard CentOS 6 version of curl/libcurl is recent enough that you won't need the old compat packages (libcurl7155 etc.).

    The easiest way to install the updated curl from my repo is to install my repo release package

    rpm -Uvh

    and then edit the file /etc/yum.repos.d/ to change the line enabled=1 to enabled=0 to prevent pulling in anything from there when you're not expecting it.

    You can then see what would happen if you updated curl from my repo by
    doing: yum update curl

    At this point you can see what would be installed/removed (I'd expect it to install/update a few libraries as well as curl and libcurl, and not remove anything), and say "yes" or "no" to the update. The updated version of curl should work fine with everything in CentOS 6.

    I did exactly this and after restarting Apache I'm pleased to say PHP is also now using the new version.

  • Fantastic, Paul's comments re the compat libs are hugely helpful. Yep, you should be good now.

  • i already did what jamie comment, still can't upgrade my curl. what could possibly go wrong ?

    [root@xxx installs]# yum update curl
    Loaded plugins: changelog, product-id, refresh-packagekit, security, subscription-manager, tmprepo, verify
    Updating certificate-based repositories.

    Error getting repository data for, repository not found
    [root@xxx installs]# cd /etc/yum.repos.d/
    [root@xxx yum.repos.d]# ls example.repo redhat.repo rhel-source.repo zend.repo
    [root@xxx yum.repos.d]# cat
    name=City Fan Repo


    and i disabled all other repo as well

  • @edwinsilaen try to set repo [] (as you call in in yum command ([root@xxx installs]# yum update curl) ...or try this command: [root@xxx installs]# yum --enablerepo=city-fan update curl

    MY PROBLEM IS: how can I downgrade version 7.48 (the latest got from
    The base version is 7.19. The cUrl php extension is 4.48 (phpinfo).

    'yum remove curl' not working ! ....see below last lines afer I run remove command:
    "Error: Trying to remove "yum", which is protected
    You could try using --skip-broken to work around the problem
    You could try running: rpm -Va --nofiles --nodigest".

    Give me some hints !

  • @pif1709
    you did something wrong,
    "Error: Trying to remove 'yum', which is protected" means that you must have ran:

    yum remove yum

    or possibly, you accidentally copied and pasted the command twice and tried running:

    yum remove curl yum ...
  • @edwinsilaen
    try these settings I just took from one of my servers after following jamie's post:

    cat /etc/yum.repos.d/

    [] repository for Red Hat Enterprise Linux (and clones) $releasever ($basearch)



    worked like a charm.

  • You beautiful, beautiful man....

    Been bashing my head for over a day playing with CA certificates trying to cURL an endpoint. Updated cURL and can now connect successfully.

3 Answers

Just glad this is helping people, having had to fight my way through it myself!

I am still astonished this hasn't blown up into a much more widely-discussed issue, as it must be breaking enormous numbers of SSL endpoints by now (Paypal merchant sites alone must be hitting this in huge numbers by now, for goodness sake, but payment providers still don't seem to be offering anything in the way of help or advice).

I also can't understand why Redhat still aren't coming to the party, as this effectively beaks every v6 installation on the planet which relies on SSL. Ah well, 'tis a strange world...

I just wanted to add a huge thank you for posting this! I've been racking my brain for a few hours between openssl, PHP and Curl versions to get this to work, and this was all I needed. I agree, this is a HUGE issue with RH/CentOS not updating Curl. So thanks again for a perfect solution to this problem.

Have another answer? Share your knowledge.