markdown [FIXED] [BUG] stream_socket_enable_crypto - 跨版本的不一致的流加密值[PHP 5.6.7 - 7.1.22] [OpenSSL]

Posted 2021-05-05

<?php
//...
$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;

// Fix inconsistency in PHP 5.6.7 - 7.1.22
if (STREAM_CRYPTO_METHOD_TLS_CLIENT == STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT) {
  $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
  $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
}

/* Turn on encryption for login phase */
stream_socket_enable_crypto($fp, true, $crypto_method);

// ...

PHP Bugs (#69195)[https://bugs.php.net/bug.php?id=69195]

PHP Commit: https://github.com/php/php-src/commit/10bc5fd4c4c8e1dd57bd911b086e9872a56300a0

The SSLv23 (STREAM_CRYPTO_METHOD_SSLv23_*) client/server methods will
no longer negotiate the use of the insecure SSLv2 or SSLv3 protocols
by default. Users wishing to allow these protocols must explicitly
add them to the method bitmask via the appropriate flags.

PHP Manual: https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php


// PHP 5.6.0 - 5.6.6

STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_SSLv2_CLIENT|STREAM_CRYPTO_METHOD_SSLv3_CLIENT


// PHP 5.6.7 - 7.3.0rc1 (backward compatibility, no longer negotiate the use of the insecure SSLv2 or SSLv3 protocols by default)

STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT


// PHP 5.6.7 - 7.1.22 (Inconsistent values across versions)

STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT

// PHP 5.6.0 - 5.6.6, 7.2.0 - 7.3.0rc1

STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT