
Commit d9a7f2e

committed
Enable TLS v1.3 be default
1 parent e07855f commit d9a7f2e


3 files changed

+74
-7
lines changed


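--- a/ext/openssl/tests/tls_wrapper.phpt
+++ b/ext/openssl/tests/tls_wrapper.phpt
@@ -4,6 +4,7 @@ tls stream wrapper
 <?php
 if (!extension_loaded("openssl")) die("skip openssl not loaded");
 if (!function_exists("proc_open")) die("skip no proc_open");
+if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required");
 ?>
 --FILE--
 <?php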
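Review bot: The added SKIPIF guard `if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required");` makes this existing test skip on every build linked against OpenSSL older than 1.1.1, and the new TLS 1.3 test in this commit carries the same guard, so on those builds no test of the tls:// wrapper appears to run any more. The section shows no change to the test body or expected output, so the reason for the new requirement is not visible here. If the intent is to keep this file for builds without TLS 1.3 and use the new file where it is available, the comparison would need to be `>=` with a matching skip message; otherwise add a short comment in the SKIPIF block saying why older OpenSSL is excluded. The rest of the file lies outside the hunk.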
Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,66 @@
1+
--TEST--
2+
tls stream wrapper when TLS 1.3 available
3+
--SKIPIF--
4+
<?php
5+
if (!extension_loaded("openssl")) die("skip openssl not loaded");
6+
if (!function_exists("proc_open")) die("skip no proc_open");
7+
if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required");
8+
?>
9+
--FILE--
10+
<?php
11+
$serverCode = <<<'CODE'
12+
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
13+
$ctx = stream_context_create(['ssl' => [
14+
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
15+
]]);
16+
17+
$server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
18+
phpt_notify();
19+
20+
for ($i = 0; $i < (phpt_has_sslv3() ? 7 : 6); $i++) {
21+
@stream_socket_accept($server, 3);
22+
}
23+
CODE;
24+
25+
$clientCode = <<<'CODE'
26+
$flags = STREAM_CLIENT_CONNECT;
27+
$ctx = stream_context_create(['ssl' => [
28+
'verify_peer' => false,
29+
'verify_peer_name' => false,
30+
]]);
31+
32+
phpt_wait();
33+
34+
$client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
35+
var_dump($client);
36+
37+
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
38+
var_dump($client);
39+
40+
$client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
41+
var_dump($client);
42+
43+
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
44+
var_dump($client);
45+
46+
$client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
47+
var_dump($client);
48+
49+
$client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
50+
var_dump($client);
51+
52+
$client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
53+
var_dump($client);
54+
CODE;
55+
56+
include 'ServerClientTestCase.inc';
57+
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
58+
?>
59+
--EXPECTF--
60+
resource(%d) of type (stream)
61+
bool(false)
62+
resource(%d) of type (stream)
63+
resource(%d) of type (stream)
64+
resource(%d) of type (stream)
65+
resource(%d) of type (stream)
66+
resource(%d) of type (stream)
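Review bot: Nothing in this test checks which protocol version was negotiated, so the client half of "TLS 1.3 by default" is not pinned: the `ssl://` and `tls://` clients at new lines 49-53 only `var_dump($client)`, which prints the same `resource(%d) of type (stream)` whether the handshake settled on TLS 1.2 or TLS 1.3. Only the `tlsv1.3://` client indirectly exercises the server-side default. Consider dumping the negotiated protocol after the default-method connects, e.g. `var_dump(stream_get_meta_data($client)['crypto']['protocol']);`, and adding the matching line to --EXPECTF--. The `tlsv1.0://` and `tlsv1.1://` connects are expected to succeed, which presumably depends on the system OpenSSL policy still permitting those versions. A one-line comment that `'verify_peer' => false` is acceptable only because the peer is the local test server with a fixture certificate would keep the client context from being copied as a template.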

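--- a/main/streams/php_stream_transport.h
+++ b/main/streams/php_stream_transport.h
@@ -173,21 +173,21 @@ typedef enum {
 STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1),
 STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT = (1 << 6 | 1),
 /* TLS equates to TLS_ANY as of PHP 7.2 */
-STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
-STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
-STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1),
+STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1),
+STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1),
+STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1),
 STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
 STREAM_CRYPTO_METHOD_SSLv3_SERVER = (1 << 2),
 /* v23 no longer negotiates SSL2 or SSL3 */
-STREAM_CRYPTO_METHOD_SSLv23_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
+STREAM_CRYPTO_METHOD_SSLv23_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)),
 STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
 STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
 STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
 STREAM_CRYPTO_METHOD_TLSv1_3_SERVER = (1 << 6),
 /* TLS equates to TLS_ANY as of PHP 7.2 */
-STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
-STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
-STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
+STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)),
+STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)),
+STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | (1 << 6))
 } php_stream_xport_crypt_method_t;
 
 /* These functions provide crypto support on the underlying transport */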
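Review bot: The comment `/* TLS equates to TLS_ANY as of PHP 7.2 */` above the changed masks is left as is, although the aggregates now mean something different: the TLS, TLS_ANY, ANY and SSLv23 values gain bit 6 (TLS 1.3) while still carrying bits 3 and 4 (TLS 1.0 and 1.1). I would document that next to both the client and server groups, e.g. `/* TLS equates to TLS_ANY as of PHP 7.2; TLS_ANY covers TLS 1.0 through 1.3, set crypto_method explicitly to require a minimum version */`. The code that turns these bits into OpenSSL protocol options is not among the files in this commit, so it is worth confirming that it drops bit 6 cleanly when built against an OpenSSL without TLS 1.3. The enum begins above the hunk.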
