@MegaBedder
Last active September 19, 2018 01:10
[FIXED][BUG] stream_socket_enable_crypto - Inconsistent stream crypto values across versions [PHP 5.6.7 - 7.1.22][OpenSSL]

PHP Bugs [#69195](https://bugs.php.net/bug.php?id=69195)

PHP Commit: https://github.com/php/php-src/commit/10bc5fd4c4c8e1dd57bd911b086e9872a56300a0

The SSLv23 (STREAM_CRYPTO_METHOD_SSLv23_*) client/server methods will no longer negotiate the use of the insecure SSLv2 or SSLv3 protocols by default. Users wishing to allow these protocols must explicitly add them to the method bitmask via the appropriate flags.

PHP Manual: https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php

```
// PHP 5.6.0 - 5.6.6
STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_SSLv2_CLIENT|STREAM_CRYPTO_METHOD_SSLv3_CLIENT

// PHP 5.6.7 - 7.3.0rc1 (backward compatibility, no longer negotiate the use of the insecure SSLv2 or SSLv3 protocols by default)
STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

// PHP 5.6.7 - 7.1.22 (Inconsistent values across versions)
STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT

// PHP 5.6.0 - 5.6.6, 7.2.0 - 7.3.0rc1
STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
```

```php
<?php
//...
$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
// Fix inconsistency in PHP 5.6.7 - 7.1.22
if (STREAM_CRYPTO_METHOD_TLS_CLIENT == STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT) {
    $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
    $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
}
/* Turn on encryption for login phase */
stream_socket_enable_crypto($fp, true, $crypto_method);
// ...
```
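The following PHP sketch is an added example, not part of the gist or of php-src. It builds the client bitmask from the per-protocol constants only, so the result does not depend on what `STREAM_CRYPTO_METHOD_TLS_CLIENT` means on the running version, and it decodes any bitmask back into protocol names so the runtime's aggregate constants can be audited. The function names are hypothetical, and refusing SSLv2/SSLv3 outright is a choice made for this example.

```php
<?php
// Added example; helper names are hypothetical, not from the gist or php-src.
// Per-protocol client constants, looked up by name so a build lacking one does not error.
function tls_client_protocols()
{
    $found = array();
    foreach (array('SSLv2', 'SSLv3', 'TLSv1_0', 'TLSv1_1', 'TLSv1_2', 'TLSv1_3') as $proto) {
        $name = 'STREAM_CRYPTO_METHOD_' . $proto . '_CLIENT';
        if (defined($name)) {
            $found[$proto] = constant($name);
        }
    }
    return $found;
}

// Decode a crypto-method bitmask into the protocols it enables.
function crypto_method_protocols($mask)
{
    $enabled = array();
    foreach (tls_client_protocols() as $proto => $bits) {
        if (($mask & $bits) === $bits) {
            $enabled[] = $proto;
        }
    }
    return $enabled;
}

// Build a mask from explicit protocols only; the default mirrors the gist's fixed mask.
function explicit_tls_client_method(array $wanted = array('TLSv1_0', 'TLSv1_1', 'TLSv1_2'))
{
    if (array_intersect($wanted, array('SSLv2', 'SSLv3'))) {
        throw new InvalidArgumentException('SSLv2/SSLv3 are refused by this helper');
    }
    $mask = 0;
    foreach (array_intersect_key(tls_client_protocols(), array_flip($wanted)) as $bits) {
        $mask |= $bits;
    }
    if ($mask === 0) {
        throw new RuntimeException('None of the requested protocols is available');
    }
    return $mask;
}

// Report what the aggregate constants mean on this runtime, then the explicit mask.
foreach (array('STREAM_CRYPTO_METHOD_TLS_CLIENT', 'STREAM_CRYPTO_METHOD_SSLv23_CLIENT') as $name) {
    printf("%s = %s\n", $name, implode('|', crypto_method_protocols(constant($name))));
}
printf("explicit mask = %s\n", implode('|', crypto_method_protocols(explicit_tls_client_method())));
// With $fp an already-connected stream: stream_socket_enable_crypto($fp, true, explicit_tls_client_method());
```

Passing a narrower list, such as `array('TLSv1_2')`, drops the older protocol versions from the mask.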