Edit report at https://bugs.php.net/bug.php?id=65329&edit=1

 ID:                 65329
 Updated by:         yohg...@php.net
 Reported by:        yqbjtu at 163 dot com
 Summary:            PHP does not support TLSv1.1 and TLSv1.2
-Status:             Open
+Status:             Analyzed
 Type:               Feature/Change Request
 Package:            OpenSSL related
 Operating System:   All
 PHP Version:        5.5.1
 Block user comment: N
 Private report:     N

 New Comment:

TLSv1.0 is not good...
PHP should support TLSv1.2 (and 1.1)


Previous Comments:
------------------------------------------------------------------------
[2013-07-25 03:39:01] yqbjtu at 163 dot com

Description:
------------
When I used the stream_socket_client method to connect to a server which had
enabled TLSv1.2, my PHP had 100% CPU usage, but couldn't connect to the server.
I checked stream_get_transports() and found that PHP only supports the tcp [1]
=> udp [2] => ssl [3] => sslv3 [4] => sslv2 [5] => tls.

I checked the source code and found that it does not support TLSv1.1 and TLSv1.2.

I found it is very simple to support TLSv1.2; if possible, I can do it.
The following are the supported protocols:
  C:\E\download\php-5.5.1-src\php-5.5.1-src\ext\openssl\openssl.c (5 hits)
        Line 1157:      php_stream_xport_register("ssl", php_openssl_ssl_socket_factory TSRMLS_CC);
        Line 1158:      php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory TSRMLS_CC);
        Line 1160:      php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory TSRMLS_CC);
        Line 1162:      php_stream_xport_register("tls", php_openssl_ssl_socket_factory TSRMLS_CC);
        Line 1165:      php_stream_xport_register("tcp", php_openssl_ssl_socket_factory TSRMLS_CC);
        
        
        
        You can see this in the php_openssl_ssl_socket_factory method
        (src\ext\openssl\xp_ssl.c):

        if (strncmp(proto, "ssl", protolen) == 0) {
                sslsock->enable_on_connect = 1;
                sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
        } else if (strncmp(proto, "sslv2", protolen) == 0) {
#ifdef OPENSSL_NO_SSL2
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
                return NULL;
#else
                sslsock->enable_on_connect = 1;
                sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
#endif
        } else if (strncmp(proto, "sslv3", protolen) == 0) {
                sslsock->enable_on_connect = 1;
                sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
        } else if (strncmp(proto, "tls", protolen) == 0) {
                sslsock->enable_on_connect = 1;
                sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
        }
        
        The STREAM_CRYPTO_METHOD_TLS_CLIENT definition is as follows.
        
        case STREAM_CRYPTO_METHOD_TLS_CLIENT:
                        sslsock->is_client = 1;
                        method = TLSv1_client_method();
                        break;
                        

        ========================================
        There are some methods in OpenSSL's openssl\ssl.h:
        const SSL_METHOD *TLSv1_1_client_method(void);  /* TLSv1.1 */
        const SSL_METHOD *TLSv1_2_client_method(void);  /* TLSv1.2 */


Expected result:
----------------
PHP does support TLSv1.1 and TLSv1.2

Actual result:
--------------
PHP does not support TLSv1.1 and TLSv1.2


------------------------------------------------------------------------
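
The version mismatch described in the report, as an added example (a simplified model, not PHP or OpenSSL code): each transport offers the versions implied by the quoted factory code, and negotiation picks the highest version both sides enable. The `tlsv1.1` and `tlsv1.2` transport names are hypothetical, the bit-flag values are constructed, and `ssl` is assumed to offer every version the linked OpenSSL provides.

```c
#include <stdio.h>
#include <string.h>

/* Protocol versions as bit flags (values constructed for this model). */
enum { V_SSL2 = 1, V_SSL3 = 2, V_TLS10 = 4, V_TLS11 = 8, V_TLS12 = 16 };
#define V_ALL (V_SSL2 | V_SSL3 | V_TLS10 | V_TLS11 | V_TLS12)

struct transport { const char *name; unsigned offers; };

static const struct transport transports[] = {
    { "ssl",     V_ALL   },  /* SSLv23 method: version-flexible (assumption) */
    { "sslv2",   V_SSL2  },
    { "sslv3",   V_SSL3  },
    { "tls",     V_TLS10 },  /* TLSv1_client_method(): TLSv1.0 only */
    { "tlsv1.1", V_TLS11 },  /* hypothetical: TLSv1_1_client_method() */
    { "tlsv1.2", V_TLS12 },  /* hypothetical: TLSv1_2_client_method() */
};

/* Exact-match lookup; returns 0 for an unknown transport name. */
static unsigned offered_versions(const char *proto)
{
    size_t i;
    for (i = 0; i < sizeof transports / sizeof transports[0]; i++)
        if (strcmp(proto, transports[i].name) == 0)
            return transports[i].offers;
    return 0;
}

/* Highest version both sides enable, or 0 when no handshake can succeed. */
static unsigned negotiate(unsigned client, unsigned server)
{
    unsigned common = client & server, v;
    for (v = V_TLS12; v != 0; v >>= 1)
        if (common & v)
            return v;
    return 0;
}

int main(void)
{
    const unsigned server = V_TLS12;  /* constructed: server enables TLSv1.2 only */
    size_t i;
    for (i = 0; i < sizeof transports / sizeof transports[0]; i++)
        printf("%-8s -> %s\n", transports[i].name,
               negotiate(transports[i].offers, server) ? "handshake ok"
                                                       : "no common version");
    return 0;
}
```
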


