From 5e6bf80ddede76ac04f7273070a7d6d60f99faaa Mon Sep 17 00:00:00 2001
From: erikn69
Date: Mon, 30 Oct 2023 14:17:27 -0500
Subject: [PATCH] add legacy support for OpenSSL ^3
---
 .env.example | 5 +++++
 docker-compose.yml | 1 +
 php-fpm/Dockerfile | 14 ++++++++++++++
 3 files changed, 20 insertions(+)
diff --git a/.env.example b/.env.example
index 78d77442..9d2bb8ed 100644
--- a/.env.example
+++ b/.env.example
@@ -61,6 +61,11 @@ DOCKER_HOST_IP=10.0.75.1
 # Choose a Remote Interpreter entry matching name. Default is `laradock`
 PHP_IDE_CONFIG=serverName=laradock
+### PHP USE LEGACY OPENSSL ################################
+
+# Since OpenSSL 3 some ciphers are not available
+PHP_LEGACY_OPENSSL=false
+
 ### PHP DOWNGRADEOPENSSL TLS AND SECLEVEL #################
 PHP_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=false
diff --git a/docker-compose.yml b/docker-compose.yml
index 17407fc1..8d926a6b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -286,6 +286,7 @@ services:
 - INSTALL_SSDB=${PHP_FPM_INSTALL_SSDB}
 - INSTALL_TRADER=${PHP_FPM_INSTALL_TRADER}
 - INSTALL_EVENT=${PHP_FPM_INSTALL_EVENT}
+ - LEGACY_OPENSSL=${PHP_LEGACY_OPENSSL}
 - DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=${PHP_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL}
 - DOWNGRADE_OPENSSL_TLS_VERSION=${PHP_DOWNGRADE_OPENSSL_TLS_VERSION}
 - PUID=${PHP_FPM_PUID}
diff --git a/php-fpm/Dockerfile b/php-fpm/Dockerfile
index 5d51d082..a1ce7ff8 100644
--- a/php-fpm/Dockerfile
+++ b/php-fpm/Dockerfile
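Review bot: The comment added for `PHP_LEGACY_OPENSSL` in the `.env.example` hunk says only that some ciphers are unavailable since OpenSSL 3 and leaves out what turning the flag on does. Judging by the Dockerfile hunk in this patch, `true` activates the OpenSSL legacy provider in the image's `/etc/ssl/openssl.cnf`, which brings back algorithms that OpenSSL 3 moved out of its default provider because they are considered weak. I would word it as `# Set to true to load the OpenSSL 3 legacy provider (retired, weak algorithms) in php-fpm; leave false unless you must interoperate with a system that still needs them`.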
@@ -1263,6 +1263,20 @@ RUN set -xe; \
 && rm /tmp/ssdb-client-php.tar.gz \
 && docker-php-ext-enable ssdb \
 ;fi
+
+###########################################################################
+# Legacy Openssl Config:
+###########################################################################
+ARG LEGACY_OPENSSL=false
+
+RUN if [ ${LEGACY_OPENSSL} = true ]; then \
+ if openssl version | grep -q "OpenSSL 3"; then \
+ sed -i 's/# providers = provider_sect/providers = provider_sect/g' /etc/ssl/openssl.cnf && \
+ sed -i '$a[provider_sect]\ndefault=default_sect\nlegacy=legacy_sect\n' /etc/ssl/openssl.cnf && \
+ sed -i '$a[default_sect]\nactivate=1\n[legacy_sect]\nactivate=1\n' /etc/ssl/openssl.cnf \
+ ;fi \
+;fi
+
 ###########################################################################
 # Downgrade Openssl:
 ###########################################################################
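Review bot: Nothing in the new `RUN` step confirms that the legacy provider is actually loaded after the three `sed` edits. `sed` exits 0 when `# providers = provider_sect` is not found, so an image whose `/etc/ssl/openssl.cnf` has a different layout builds cleanly with the flag silently ineffective. I would end the inner branch with `&& openssl list -providers | grep -qi legacy \` so the build fails instead. The edit is also to the system-wide config, so every OpenSSL consumer in the image picks up the legacy algorithms, not only the PHP code that needs one; a comment above `ARG LEGACY_OPENSSL=false` should say that. The unquoted test `[ ${LEGACY_OPENSSL} = true ]` becomes a malformed `[` expression if compose passes an empty value (likely when `PHP_LEGACY_OPENSSL` is missing from an older `.env`); `[ "${LEGACY_OPENSSL}" = true ]` avoids the error.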