From: yqbjtu at 163 dot com
Operating system: All
PHP version: 5.5.1
Package: OpenSSL related
Bug Type: Feature/Change Request
Bug description: PHP does not support TLSv1.1 and TLSv1.2
Description:
------------
When I used the stream_socket_client method to connect to a server which had
TLSv1.2 enabled, my PHP had 100% CPU usage but couldn't connect to the server.
I checked stream_get_transports(); and found that PHP only supports tcp
[1] => udp [2] => ssl [3] => sslv3 [4] => sslv2 [5] => tls.
I checked the source code and found that it does not support TLSv1.1 and
TLSv1.2.
I found it is very simple to support TLSv1.2; if possible, I can do it.
----------------------------
The following are the supported protocols:
C:\E\download\php-5.5.1-src\php-5.5.1-src\ext\openssl\openssl.c (5 hits)
Line 1157: php_stream_xport_register("ssl", php_openssl_ssl_socket_factory TSRMLS_CC);
Line 1158: php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory TSRMLS_CC);
Line 1160: php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory TSRMLS_CC);
Line 1162: php_stream_xport_register("tls", php_openssl_ssl_socket_factory TSRMLS_CC);
Line 1165: php_stream_xport_register("tcp", php_openssl_ssl_socket_factory TSRMLS_CC);
You can see in the php_stream *php_openssl_ssl_socket_factory method
(src\ext\openssl\xp_ssl.c):

    if (strncmp(proto, "ssl", protolen) == 0) {
        sslsock->enable_on_connect = 1;
        sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
    } else if (strncmp(proto, "sslv2", protolen) == 0) {
    #ifdef OPENSSL_NO_SSL2
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
        return NULL;
    #else
        sslsock->enable_on_connect = 1;
        sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
    #endif
    } else if (strncmp(proto, "sslv3", protolen) == 0) {
        sslsock->enable_on_connect = 1;
        sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
    } else if (strncmp(proto, "tls", protolen) == 0) {
        sslsock->enable_on_connect = 1;
        sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
    }

The STREAM_CRYPTO_METHOD_TLS_CLIENT definition is as follows:

    case STREAM_CRYPTO_METHOD_TLS_CLIENT:
        sslsock->is_client = 1;
        method = TLSv1_client_method();
        break;

========================================
There are some methods in OpenSSL's openssl\ssl.h:

    TLSv1_1_client_method(void); /* TLSv1.1 */
    TLSv1_2_client_method(void); /* TLSv1.2 */

Expected result:
----------------
PHP does support TLSv1.1 and TLSv1.2
Actual result:
--------------
PHP does not support TLSv1.1 and TLSv1.2
--
Edit bug report at https://bugs.php.net/bug.php?id=65329&edit=1
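
Added example (not from the report or from PHP's source): a small C model of why the "tls" transport, which the report shows pinned to TLSv1_client_method(), cannot reach a TLSv1.2-only server, while a negotiating or TLSv1.2 method can. The transport names "tlsv1.1" and "tlsv1.2", the enum, and the version ranges are assumptions for illustration; the "ssl" row assumes the linked OpenSSL supports TLS 1.2 and that no versions are disabled through options.

```c
#include <stdio.h>
#include <string.h>

/* Protocol versions ordered oldest to newest so ranges can be compared. */
enum ver { SSL2, SSL3, TLS1_0, TLS1_1, TLS1_2 };

struct transport {
    const char *name;    /* stream transport name */
    const char *method;  /* OpenSSL client method it selects */
    enum ver lo, hi;     /* versions that method can speak (modelled) */
};

/* First four rows mirror the factory quoted in the report; the last two
 * are the requested additions (transport names are hypothetical). */
static const struct transport transports[] = {
    { "ssl",     "SSLv23_client_method",  SSL2,   TLS1_2 }, /* negotiating method */
    { "sslv2",   "SSLv2_client_method",   SSL2,   SSL2   },
    { "sslv3",   "SSLv3_client_method",   SSL3,   SSL3   },
    { "tls",     "TLSv1_client_method",   TLS1_0, TLS1_0 }, /* fixed at TLS 1.0 */
    { "tlsv1.1", "TLSv1_1_client_method", TLS1_1, TLS1_1 },
    { "tlsv1.2", "TLSv1_2_client_method", TLS1_2, TLS1_2 },
};

/* Exact-name lookup; returns NULL for an unknown transport. */
static const struct transport *find_transport(const char *name) {
    for (size_t i = 0; i < sizeof transports / sizeof transports[0]; i++)
        if (strcmp(transports[i].name, name) == 0)
            return &transports[i];
    return NULL;
}

/* Highest version shared by the transport and a server accepting
 * [srv_lo, srv_hi]; -1 for an unknown transport or no overlap. */
int negotiate(const char *name, enum ver srv_lo, enum ver srv_hi) {
    const struct transport *t = find_transport(name);
    if (!t) return -1;
    enum ver hi = t->hi < srv_hi ? t->hi : srv_hi;
    enum ver lo = t->lo > srv_lo ? t->lo : srv_lo;
    return hi >= lo ? (int)hi : -1;
}

int main(void) {
    /* Constructed scenario: a server that accepts TLSv1.2 only. */
    const char *names[] = { "ssl", "sslv3", "tls", "tlsv1.1", "tlsv1.2" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-8s -> %s\n", names[i], negotiate(names[i], TLS1_2, TLS1_2) < 0
               ? "no common version" : "handshake possible");
    return 0;
}
```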