PHP Sockets with SSL / TLS - no suitable shared cipher could be used

送分小仙女□ 提交于 2019-12-05 22:55:18

It turns out that the issue was related to OpenSSL and the transport streams available. The issue was resolved by:

  • Updating OpenSSL to the latest version (1.0.2k, to support TLS v1.2)
  • Recompiling PHP to enable tlsv1.2 transport stream
  • Updating the code to use tlsv1.2:// as the protocol on both the server and the client, e.g.

    $server = stream_socket_server('tlsv1.2://'.$address.':'.$port, $errno, 
      $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
    

    and

    $socket = stream_socket_client( 'tlsv1.2://'.$host.':'.$port, $errno,
      $errstr, 30, STREAM_CLIENT_CONNECT, $context)
    

Once the transport stream was updated to TLSv1.2, there was no need for the cipher option, and the scripts successfully negotiated a TLS connection.

I experienced similar problems. However my certificate and private key were in seperate files. According to the PHP documentation you should be able to load the private key seperately:

stream_context_set_option($context, 'ssl', 'local_cert', '/etc/apache2/ssl/public_crt.cert');
stream_context_set_option($context, 'ssl', 'local_pk', '/etc/apache2/ssl/private_key.pem');

Turns out this did not work for me resulting in the same error message in the original post. Combining the certificate and key in one file did the trick:

cat public_crt.cert private_key.pem > combined_cert.pem

And setting the new combo cert in PHP, made the thing work:

stream_context_set_option($context, 'ssl', 'local_cert', '/etc/apache2/ssl/combined_cert.pem');

PHP has pathetic problems with SSL. At worse they are OS dependent, most fixes are for REHL. I am supplying you sample full code and other guides. They will possibly help you. To avoid those errors, this library is commonly used. That is not always practical.

Line 32 should be this :

stream_set_blocking($client, true); // block the connection until SSL is done

Here is stream blocking doc on PHP manual, also read this. Here is a good guide on using SSL with PHP, here is example of client-server. Cipher can be added in this fashion :

$context = stream_context_create(
    [
        'ssl' => [
            'ciphers' => 'DHE-RSA-AES256-SHA:LONG-CIPHER',
        ],
    ]
);
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!