@MegaBedder
Last active Sep 19, 2018
[FIXED][BUG] stream_socket_enable_crypto - Inconsistent stream crypto values across versions [PHP 5.6.7 - 7.1.22][OpenSSL]

PHP Bugs [#69195](https://bugs.php.net/bug.php?id=69195)

PHP Commit: https://github.com/php/php-src/commit/10bc5fd4c4c8e1dd57bd911b086e9872a56300a0

The SSLv23 (STREAM_CRYPTO_METHOD_SSLv23_*) client/server methods will no longer negotiate the use of the insecure SSLv2 or SSLv3 protocols by default. Users wishing to allow these protocols must explicitly add them to the method bitmask via the appropriate flags.

PHP Manual: https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php

// PHP 5.6.0 - 5.6.6

STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_SSLv2_CLIENT|STREAM_CRYPTO_METHOD_SSLv3_CLIENT

// PHP 5.6.7 - 7.3.0rc1 (backward compatibility, no longer negotiate the use of the insecure SSLv2 or SSLv3 protocols by default)

STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

// PHP 5.6.7 - 7.1.22 (Inconsistent values across versions)

STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT

// PHP 5.6.0 - 5.6.6, 7.2.0 - 7.3.0rc1

STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

<?php
//...
$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
// Fix inconsistency in PHP 5.6.7 - 7.1.22
if (STREAM_CRYPTO_METHOD_TLS_CLIENT == STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT) {
    $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
    $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
}
/* Turn on encryption for login phase */
stream_socket_enable_crypto($fp, true, $crypto_method);
// ...
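
To see which protocol versions the alias constants enable on the PHP build actually in use, the script below decodes each bitmask into named versions and builds a mask from per-version constants only. It is an added example, not code from the gist or from php-src. The helper names `describe_crypto_method()` and `explicit_tls_client_method()` are hypothetical, and the default of TLS 1.2 plus 1.3 is an assumption of this example, not the gist's choice.

```php
<?php
// Added example: helper names are hypothetical, not part of PHP or the gist.

/** Return the protocol versions that a client crypto-method bitmask enables. */
function describe_crypto_method($mask)
{
    $known = array(
        'SSLv2'   => 'STREAM_CRYPTO_METHOD_SSLv2_CLIENT',
        'SSLv3'   => 'STREAM_CRYPTO_METHOD_SSLv3_CLIENT',
        'TLSv1.0' => 'STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT',
        'TLSv1.1' => 'STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT',
        'TLSv1.2' => 'STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT',
        'TLSv1.3' => 'STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT', // defined from PHP 7.4
    );
    $enabled = array();
    foreach ($known as $label => $name) {
        // A per-version constant may be missing on older builds; skip it then.
        if (defined($name) && ($mask & constant($name)) === constant($name)) {
            $enabled[] = $label;
        }
    }
    return $enabled;
}

/** Build a mask from per-version constants only, never from an alias. */
function explicit_tls_client_method(array $versions = array('1_2', '1_3'))
{
    $mask = 0;
    foreach ($versions as $v) {
        $name = "STREAM_CRYPTO_METHOD_TLSv{$v}_CLIENT";
        if (defined($name)) {
            $mask |= constant($name);
        }
    }
    if ($mask === 0) {
        // Fail closed instead of handing 0 to stream_socket_enable_crypto().
        throw new RuntimeException('No requested TLS version exists in this PHP build');
    }
    return $mask;
}

printf("PHP %s\n", PHP_VERSION);
$aliases = array('STREAM_CRYPTO_METHOD_TLS_CLIENT', 'STREAM_CRYPTO_METHOD_SSLv23_CLIENT');
foreach ($aliases as $alias) {
    $versions = describe_crypto_method(constant($alias));
    printf("%-36s => %s\n", $alias, implode(', ', $versions));
}
$method = explicit_tls_client_method();
printf("%-36s => %s\n", 'explicit mask', implode(', ', describe_crypto_method($method)));
```

On an affected build (PHP 5.6.7 - 7.1.22) the `STREAM_CRYPTO_METHOD_TLS_CLIENT` line lists only TLSv1.0, while the explicit mask reports the same versions on every build that defines them.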