PHP 带 SSL/TLS 的套接字 - 无法使用合适的共享密码
PHP Sockets with SSL / TLS - no suitable shared cipher could be used
我正在尝试使用 PHP 带 SSL/TLS 的套接字创建服务器和客户端。但是,当向服务器发送数据时,我收到以下错误:
PHP Warning: stream_socket_accept(): SSL_R_NO_SHARED_CIPHER: no
suitable shared cipher could be used. This could be because the
server is missing an SSL certificate (local_cert context option) in
server.php on line 32
我查看了其他示例并尝试了各种更改但无济于事。非常感谢任何帮助。
client.php
<?php
$host = '192.168.10.10';
$port = 8080;
$timeout = 30;
$cert = 'assets/cert.pem';
$context = stream_context_create(
[ 'ssl'=> [ 'local_cert'=> $cert, "crypto_method" => STREAM_CRYPTO_METHOD_TLS_CLIENT ] ]
);
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'verify_peer', false);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
if ($socket = stream_socket_client( 'tls://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context) ) {
$meta = stream_get_meta_data($socket);
print_r( $meta );
fwrite($socket, "Hello, World!\n");
echo stream_socket_recvfrom($socket,8192);
fclose($socket);
} else {
echo "ERROR: $errno - $errstr\n";
}
server.php
<?php
// Set the ip and port we will listen on
$address = '192.168.10.10';
$port = 8080;
$cert = 'assets/cert.pem';
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', $cert);
stream_context_set_option($context, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_SERVER);
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'verify_peer', false);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
$server = stream_socket_server('tls://'.$address.':'.$port, $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
// Display server start time
echo "PHP Socket Server started at " . $address . " " . $port . ", at ". date( 'Y-m-d H:i:s' ) ."\n";
// loop and listen
while (true) {
/* Accept incoming requests and handle them as child processes */
$client = stream_socket_accept($server);
$ip = stream_socket_get_name( $client, true );
echo "New connection from " . $ip;
stream_set_blocking($client, true); // block the connection until SSL is done
stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
// Read the input from the client – 1024 bytes
$input = fread($client, 1024);
// unblock connection
stream_set_blocking($client, false);
// Strip all white spaces from input
$output = preg_replace("[ \t\n\r]", "", $input) . "[=12=]";
$new = $input;
// Display Date, IP and Msg received
echo date( 'Y-m-d H:i:s' ) . " | " . $ip . ": 3[0;32m" . $input . "3[0m" . PHP_EOL;
fclose($client);
}
// Close the master sockets
socket_close($sock);
PHP 有可悲的 SSL 问题。更糟糕的是,它们是 OS 依赖的,大多数修复都是针对 REHL 的。我正在为您提供示例完整代码和其他指南。他们可能会帮助你。为避免这些错误,this library is commonly used。这并不总是实用的。
第 32 行应该是这样的:
stream_set_blocking($client, true); // block the connection until SSL is done
这里是stream blocking doc on PHP manual, also read this. Here is a good guide on using SSL with PHP, here is example of client-server。可以以这种方式添加密码:
$context = stream_context_create(
[
'ssl' => [
'ciphers' => 'DHE-RSA-AES256-SHA:LONG-CIPHER',
],
]
);
事实证明,问题与 OpenSSL 和可用的传输流有关。该问题已通过以下方式解决:
- 正在将 OpenSSL 更新到最新版本(
1.0.2k,以支持 TLS v1.2)
- 正在重新编译PHP以启用 tlsv1.2 传输流
更新代码以在服务器和客户端上使用 tlsv1.2:// 作为协议,例如
$server = stream_socket_server('tlsv1.2://'.$address.':'.$port, $errno,
$errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
和
$socket = stream_socket_client( 'tlsv1.2://'.$host.':'.$port, $errno,
$errstr, 30, STREAM_CLIENT_CONNECT, $context)
一旦传输流更新为 TLSv1.2,就不再需要密码选项,脚本成功协商了 TLS 连接。
我遇到过类似的问题。但是我的证书和私钥在单独的文件中。根据 PHP 文档,您应该能够单独加载私钥:
stream_context_set_option($context, 'ssl', 'local_cert', '/etc/apache2/ssl/public_crt.cert');
stream_context_set_option($context, 'ssl', 'local_pk', '/etc/apache2/ssl/private_key.pem');
事实证明这对我不起作用,导致原始 post 中出现相同的错误消息。将证书和密钥合并到一个文件中就成功了:
cat public_crt.cert private_key.pem > combined_cert.pem
并在 PHP 中设置新的组合证书,使事情起作用:
stream_context_set_option($context, 'ssl', 'local_cert', '/etc/apache2/ssl/combined_cert.pem');
我正在尝试使用 PHP 带 SSL/TLS 的套接字创建服务器和客户端。但是,当向服务器发送数据时,我收到以下错误:
PHP Warning: stream_socket_accept(): SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used. This could be because the server is missing an SSL certificate (local_cert context option) in server.php on line 32
我查看了其他示例并尝试了各种更改但无济于事。非常感谢任何帮助。
client.php
<?php
$host = '192.168.10.10';
$port = 8080;
$timeout = 30;
$cert = 'assets/cert.pem';
$context = stream_context_create(
[ 'ssl'=> [ 'local_cert'=> $cert, "crypto_method" => STREAM_CRYPTO_METHOD_TLS_CLIENT ] ]
);
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'verify_peer', false);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
if ($socket = stream_socket_client( 'tls://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context) ) {
$meta = stream_get_meta_data($socket);
print_r( $meta );
fwrite($socket, "Hello, World!\n");
echo stream_socket_recvfrom($socket,8192);
fclose($socket);
} else {
echo "ERROR: $errno - $errstr\n";
}
server.php
<?php
// Set the ip and port we will listen on
$address = '192.168.10.10';
$port = 8080;
$cert = 'assets/cert.pem';
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', $cert);
stream_context_set_option($context, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_SERVER);
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'verify_peer', false);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
$server = stream_socket_server('tls://'.$address.':'.$port, $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
// Display server start time
echo "PHP Socket Server started at " . $address . " " . $port . ", at ". date( 'Y-m-d H:i:s' ) ."\n";
// loop and listen
while (true) {
/* Accept incoming requests and handle them as child processes */
$client = stream_socket_accept($server);
$ip = stream_socket_get_name( $client, true );
echo "New connection from " . $ip;
stream_set_blocking($client, true); // block the connection until SSL is done
stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
// Read the input from the client – 1024 bytes
$input = fread($client, 1024);
// unblock connection
stream_set_blocking($client, false);
// Strip all white spaces from input
$output = preg_replace("[ \t\n\r]", "", $input) . "[=12=]";
$new = $input;
// Display Date, IP and Msg received
echo date( 'Y-m-d H:i:s' ) . " | " . $ip . ": 3[0;32m" . $input . "3[0m" . PHP_EOL;
fclose($client);
}
// Close the master sockets
socket_close($sock);
PHP 有可悲的 SSL 问题。更糟糕的是,它们是 OS 依赖的,大多数修复都是针对 REHL 的。我正在为您提供示例完整代码和其他指南。他们可能会帮助你。为避免这些错误,this library is commonly used。这并不总是实用的。
第 32 行应该是这样的:
stream_set_blocking($client, true); // block the connection until SSL is done
这里是stream blocking doc on PHP manual, also read this. Here is a good guide on using SSL with PHP, here is example of client-server。可以以这种方式添加密码:
$context = stream_context_create(
[
'ssl' => [
'ciphers' => 'DHE-RSA-AES256-SHA:LONG-CIPHER',
],
]
);
事实证明,问题与 OpenSSL 和可用的传输流有关。该问题已通过以下方式解决:
- 正在将 OpenSSL 更新到最新版本(
1.0.2k,以支持 TLS v1.2) - 正在重新编译PHP以启用 tlsv1.2 传输流
更新代码以在服务器和客户端上使用
tlsv1.2://作为协议,例如$server = stream_socket_server('tlsv1.2://'.$address.':'.$port, $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);和
$socket = stream_socket_client( 'tlsv1.2://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context)
一旦传输流更新为 TLSv1.2,就不再需要密码选项,脚本成功协商了 TLS 连接。
我遇到过类似的问题。但是我的证书和私钥在单独的文件中。根据 PHP 文档,您应该能够单独加载私钥:
stream_context_set_option($context, 'ssl', 'local_cert', '/etc/apache2/ssl/public_crt.cert');
stream_context_set_option($context, 'ssl', 'local_pk', '/etc/apache2/ssl/private_key.pem');
事实证明这对我不起作用,导致原始 post 中出现相同的错误消息。将证书和密钥合并到一个文件中就成功了:
cat public_crt.cert private_key.pem > combined_cert.pem
并在 PHP 中设置新的组合证书,使事情起作用:
stream_context_set_option($context, 'ssl', 'local_cert', '/etc/apache2/ssl/combined_cert.pem');