php - fockopen: Failed to enable crypto -
similar questions have been answered before, haven't been able solve particular case.
on php 5.6+ machine when try use fsockopen on particular domain receive following (not real domain):
$ php -r "var_dump(fsockopen(\"ssl://www.domain.net\", 9085, \$errnum, \$errstr, 5));" php warning: fsockopen(): failed enable crypto in command line code on line 1 php warning: fsockopen(): unable connect ssl://www.domain.net:9085 (unknown error) in command line code on line 1 bool(false)
this works fine on php 5.5, points being change in 5.6 dealing way fsockopen verifies ssl certificates.
other connections can made without issue:
$ php -r "var_dump(fsockopen(\"ssl://www.google.com\", 443, \$errnum, \$errstr, 5));" resource(4) of type (stream)
based on other suggestions i've checked default cert file
$ php -r "print_r(openssl_get_cert_locations());" array ( [default_cert_file] => /usr/lib/ssl/cert.pem [default_cert_file_env] => ssl_cert_file [default_cert_dir] => /usr/lib/ssl/certs [default_cert_dir_env] => ssl_cert_dir [default_private_dir] => /usr/lib/ssl/private [default_default_cert_area] => /usr/lib/ssl [ini_cafile] => [ini_capath] => )
the file /usr/lib/ssl/cert.pem
missing, download ca bundle curl , renamed match. still no luck.
i'm not receiving additional information indicating verifying certificate fails. there other ways debug issue?
after head bashing, discovered cause.
php 5.6 implemented default set of support ciphers, removed support older more vulnerable ones. http://php.net/manual/en/migration56.openssl.php
the default ciphers used php have been updated more secure list based on » mozilla cipher recommendations, 2 additional exclusions: anonymous diffie-hellman ciphers, , rc4. domain attempting connected supports tlsv1/sslv3, cipher rc4-md5
do work around issue switched stream_socket_client instead of fsockopen. added rc4-md5 stream cipher support in context:
$context = stream_context_create(['ssl' => [ 'ciphers' => 'rc4-md5' ]]); $socket = stream_socket_client('ssl://'.$host.':'.$port, $errno, $errstr, 30, stream_client_connect, $context);
Comments
Post a Comment