Constants added in PHP 5.6 :
STREAM_CRYPTO_METHOD_ANY_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_ANY_SERVER
STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
STREAM_CRYPTO_METHOD_TLSv1_1_SERVER
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
Now, be careful because since PHP 5.6.7, STREAM_CRYPTO_METHOD_TLS_CLIENT (same for _SERVER) no longer means any tls version but tls 1.0 only (for "backward compatibility"...).
Before PHP 5.6.7 :
STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_SSLv2_CLIENT|STREAM_CRYPTO_METHOD_SSLv3_CLIENT
STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
PHP >= 5.6.7
STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
PHP bug : https://bugs.php.net/bug.php?id=69195
Commit : https://github.com/php/php-src/commit/10bc5fd4c4c8e1dd57bd911b086e9872a56300a0
STREAM_CRYPTO_METHOD_SSLv23_CLIENT is not safe to use because before php 5.6.7, it means sslv2 or sslv3. So, you should do this :
<?php
$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
$crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
}
stream_socket_enable_crypto($socket, true, $crypto_method);
?>
stream_socket_enable_crypto
(PHP 5 >= 5.1.0, PHP 7, PHP 8)
stream_socket_enable_crypto — 接続済みのソケットについて暗号化の on/off を切り替える
説明
stream_socket_enable_crypto(
resource
bool
?int
?resource
): int|bool
resource
$stream,bool
$enable,?int
$crypto_method = null,?resource
$session_stream = null): int|bool
ストリームの暗号化を有効あるいは無効にします。
暗号化設定が確立されると、それ以降は
enable パラメータに true あるいは false
を指定することで暗号化の on/off を動的に切り替えられます。
パラメータ
stream-
ストリームリソース。
enable-
ストリームの暗号化を有効にするか無効にするか。
crypto_method-
ストリームの暗号化の設定。以下の方法が使用できます。
STREAM_CRYPTO_METHOD_SSLv2_CLIENTSTREAM_CRYPTO_METHOD_SSLv3_CLIENTSTREAM_CRYPTO_METHOD_SSLv23_CLIENTSTREAM_CRYPTO_METHOD_ANY_CLIENTSTREAM_CRYPTO_METHOD_TLS_CLIENTSTREAM_CRYPTO_METHOD_TLSv1_0_CLIENTSTREAM_CRYPTO_METHOD_TLSv1_1_CLIENTSTREAM_CRYPTO_METHOD_TLSv1_2_CLIENTSTREAM_CRYPTO_METHOD_TLSv1_3_CLIENT(PHP 7.4.0 以降)STREAM_CRYPTO_METHOD_SSLv2_SERVERSTREAM_CRYPTO_METHOD_SSLv3_SERVERSTREAM_CRYPTO_METHOD_SSLv23_SERVERSTREAM_CRYPTO_METHOD_ANY_SERVERSTREAM_CRYPTO_METHOD_TLS_SERVERSTREAM_CRYPTO_METHOD_TLSv1_0_SERVERSTREAM_CRYPTO_METHOD_TLSv1_1_SERVERSTREAM_CRYPTO_METHOD_TLSv1_2_SERVERSTREAM_CRYPTO_METHOD_TLSv1_3_SERVER(PHP 7.4.0 以降)
省略した場合は、ストリームの SSL コンテキストのオプション
crypto_methodを利用します。 session_stream-
ストリームで
session_streamからの設定を送信します。
変更履歴
| バージョン | 説明 |
|---|---|
| 8.0.0 |
session_stream は、nullable になりました。
|
例
例1 stream_socket_enable_crypto() の例
<?php
$fp = stream_socket_client("tcp://myproto.example.com:31337", $errno, $errstr, 30);
if (!$fp) {
die("接続できません: $errstr ($errno)");
}
/* ログイン時の暗号化を有効にします */
stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT);
fwrite($fp, "USER god\r\n");
fwrite($fp, "PASS secret\r\n");
/* それ以外では暗号化を無効にします */
stream_socket_enable_crypto($fp, false);
while ($motd = fgets($fp)) {
echo $motd;
}
fclose($fp);
?>上の例の出力は、 たとえば以下のようになります。
add a note
User Contributed Notes 5 notes
bobe at webnaute dot net ¶
8 years ago
tigger (AT) tiggerswelt d0t net ¶
16 years ago
As already mentioned above:
stream_socket_enable_crypto is likely to fail/return zero if the socket is in non-blocking mode.
You may either wait some seconds until all neccessary data has arrived or switch temporary to blocking mode:
<?PHP
stream_set_blocking ($fd, true);
stream_socket_enable_crypto ($fd, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
stream_set_blocking ($fd, false);
?>
This works very fine for me ;-)
mark at kinoko dot fr ¶
16 years ago
Just to avoid letting you search everywhere why your code doesn't work when using this function to enable crypto as a server, and when using TLS, you have to put the certificate in the "ssl" context, even if you start a TLS, SSLv3, etc.. server.
I had some troubles because of that...
bobe at webnaute dot net ¶
9 years ago
There is an error in the description of the third argument:
"If omitted, the crypto_type context option on the stream's SSL context will be used instead."
The name of the context option is "crypto_method", NOT "crypto_type" which is just the name of the argument.
cgy at anymacro dot com ¶
5 years ago
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'allow_self_signed', false);
stream_context_set_option($context, 'ssl', 'verify_peer', false);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
$fp = stream_socket_client("unix:///tmp/ssl.sock", $errno, $errstr, 30,STREAM_CLIENT_ASYNC_CONNECT | STREAM_CLIENT_CONNECT,$context);
stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
错误提示:
PHP Warning: stream_socket_enable_crypto(): this stream does not support SSL/crypto
