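Updating CentOS 6/7 to support PayPal's TLSv1.2 requirement

PayPal requires TLSv1.2

PayPal's recent upgrade makes TLSv1.2 mandatory. The official upgrade method and test are actually not accurate!

Official upgrade guide: https://github.com/paypal/TLS-update#php
Official check tools: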
https://github.com/paypal/TLS-update/blob/master/php/cacert.pem
https://github.com/paypal/TLS-update/blob/master/php/TlsCheck.php

php -f TlsCheck.php
On success:
PayPal_Connection_OK
On failure:
curl_error information

The correct check

<?php

// Each request below forces exactly one protocol version against this test URL.
$url = 'https://fancyssl.hboeck.de/';

// 'sec' marks whether the protocol version is considered secure.
$protocols = [
    'TLS1.0' => ['protocol' => CURL_SSLVERSION_TLSv1_0, 'sec' => false],
    'TLS1.1' => ['protocol' => CURL_SSLVERSION_TLSv1_1, 'sec' => false],
    'TLS1.2' => ['protocol' => CURL_SSLVERSION_TLSv1_2, 'sec' => true],
];

// CURL_SSLVERSION_TLSv1_3 is not defined on older PHP/libcurl builds; using it
// there would fall back to the default protocol and report a false result.
if (defined('CURL_SSLVERSION_TLSv1_3')) {
    $protocols['TLS1.3'] = ['protocol' => CURL_SSLVERSION_TLSv1_3, 'sec' => true];
}

foreach ($protocols as $name => $value) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_SSLVERSION, $value['protocol']);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    // true when the request completed with the forced protocol version
    $response = curl_exec($ch) !== false;

    if ($value['sec'] && !$response) {
        echo "Secure $name not supported =( \n";
    } elseif ($value['sec'] && $response) {
        echo "Ok! Secure $name supported \n";
    } elseif (!$value['sec'] && $response) {
        echo "Insecure $name supported =( \n";
    } elseif (!$value['sec'] && !$response) {
        echo "Ok! Insecure $name not supported\n";
    }
}

Code source: https://stackoverflow.com/questions/49186863/php-how-to-see-if-a-server-supports-tls-1-0

Upgrading the PHP cURL extension

Version 7.19.7 turned out to still not work, but version 7.29.0 does.
Upgrade repository

[city-fan.org]
name=city-fan.org repository for Red Hat Enterprise Linux (and clones) $releasever ($basearch)
baseurl=http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch

mirrorlist=http://mirror.city-fan.org/ftp/contrib/yum-repo/mirrorlist-rhel$releasever
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-city-fan.org

After upgrading php_curl, do not forget to restart php-fpm so the change takes effect.
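The repository stanza above sets gpgcheck=0 and uses http:// URLs, so the replacement curl packages are installed without signature verification over an unauthenticated channel. The shell function below is an added example, not part of the original post; it flags both conditions in a .repo file. The name audit_repo and its output wording are made up for illustration, and the demo input is limited to the security-relevant keys of the stanza.

```shell
# Added example (not from the original post): audit a yum .repo file for
# repositories that skip signature checks or use plaintext HTTP.
# audit_repo FILE prints one "<section>: <finding>" line per problem found in
# each enabled section. An unset gpgcheck inherits [main] and is not flagged.
audit_repo() {
    awk '
        function off(v) { return tolower(v) ~ /^(0|no|false)$/ }
        # Emit findings for the section that just ended.
        function report() {
            if (section == "" || off(enabled)) return
            if (off(gpgcheck))
                print section ": gpgcheck disabled, packages are installed without signature verification"
            if (plain != "")
                print section ": plaintext http used for " plain
        }
        /^[ \t]*\[.*\][ \t]*$/ {            # new [section] header
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            enabled = "1"; gpgcheck = ""; plain = ""
            next
        }
        /^[ \t]*[#;]/ { next }              # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next               # blank or non key=value line
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if ((key == "baseurl" || key == "mirrorlist") && val ~ /^http:/)
                plain = (plain == "" ? key : plain "," key)
        }
        END { report() }
    ' "$1"
}

# Security-relevant keys of the stanza from this page, in a scratch file.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[city-fan.org]
baseurl=http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch
mirrorlist=http://mirror.city-fan.org/ftp/contrib/yum-repo/mirrorlist-rhel$releasever
enabled=1
gpgcheck=0
EOF
audit_repo "$demo"; rm -f "$demo"
```

Running it against /etc/yum.repos.d/*.repo one file at a time shows which enabled repositories need gpgcheck=1 and an https:// URL before packages are installed from them.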

Reposted from blog.csdn.net/default7/article/details/80896302