我正在尝试使用带有SSL/TLS的PHP套接字创建服务器和客户端.但是,将数据发送到服务器时,出现以下错误:
I am attempting to create a server and client using PHP Sockets with SSL / TLS. However, when sending data to the server, I receive the following error:
PHP警告:stream_socket_accept():SSL_R_NO_SHARED_CIPHER:否 可以使用适当的共享密码.这可能是因为 服务器在以下位置缺少SSL证书(local_cert上下文选项) 第32行的server.php
PHP Warning: stream_socket_accept(): SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used. This could be because the server is missing an SSL certificate (local_cert context option) in server.php on line 32
我看过其他示例,并尝试了各种更改,但无济于事.任何帮助都将不胜感激.
I've looked at other examples and tried various changes to no avail. Any help could be much appreciated.
client.php
<?php $host = '192.168.10.10'; $port = 8080; $timeout = 30; $cert = 'assets/cert.pem'; $context = stream_context_create( [ 'ssl'=> [ 'local_cert'=> $cert, "crypto_method" => STREAM_CRYPTO_METHOD_TLS_CLIENT ] ] ); stream_context_set_option($context, 'ssl', 'allow_self_signed', true); stream_context_set_option($context, 'ssl', 'verify_peer', false); stream_context_set_option($context, 'ssl', 'verify_peer_name', false); if ($socket = stream_socket_client( 'tls://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context) ) { $meta = stream_get_meta_data($socket); print_r( $meta ); fwrite($socket, "Hello, World!\n"); echo stream_socket_recvfrom($socket,8192); fclose($socket); } else { echo "ERROR: $errno - $errstr\n"; }server.php
<?php // Set the ip and port we will listen on $address = '192.168.10.10'; $port = 8080; $cert = 'assets/cert.pem'; $context = stream_context_create(); stream_context_set_option($context, 'ssl', 'local_cert', $cert); stream_context_set_option($context, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_SERVER); stream_context_set_option($context, 'ssl', 'allow_self_signed', true); stream_context_set_option($context, 'ssl', 'verify_peer', false); stream_context_set_option($context, 'ssl', 'verify_peer_name', false); $server = stream_socket_server('tls://'.$address.':'.$port, $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context); // Display server start time echo "PHP Socket Server started at " . $address . " " . $port . ", at ". date( 'Y-m-d H:i:s' ) ."\n"; // loop and listen while (true) { /* Accept incoming requests and handle them as child processes */ $client = stream_socket_accept($server); $ip = stream_socket_get_name( $client, true ); echo "New connection from " . $ip; stream_set_blocking($client, true); // block the connection until SSL is done stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER); // Read the input from the client – 1024 bytes $input = fread($client, 1024); // unblock connection stream_set_blocking($client, false); // Strip all white spaces from input $output = preg_replace("[ \t\n\r]", "", $input) . "\0"; $new = $input; // Display Date, IP and Msg received echo date( 'Y-m-d H:i:s' ) . " | " . $ip . ": \033[0;32m" . $input . "\033[0m" . PHP_EOL; fclose($client); } // Close the master sockets socket_close($sock);推荐答案
事实证明,问题与OpenSSL和可用的传输流有关.该问题已通过以下方式解决:
It turns out that the issue was related to OpenSSL and the transport streams available. The issue was resolved by:
- 将OpenSSL更新到最新版本(1.0.2k,以支持TLS v1.2)
- 重新编译PHP以启用tlsv1.2传输流
-
更新代码以将tlsv1.2://用作服务器和客户端上的协议,例如
- Updating OpenSSL to the latest version (1.0.2k, to support TLS v1.2)
- Recompiling PHP to enable tlsv1.2 transport stream
Updating the code to use tlsv1.2:// as the protocol on both the server and the client, e.g.
和
$socket = stream_socket_client( 'tlsv1.2://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context)
一旦传输流更新到TLSv1.2,就不需要使用cipher选项,并且脚本成功地协商了TLS连接.
Once the transport stream was updated to TLSv1.2, there was no need for the cipher option, and the scripts successfully negotiated a TLS connection.
更多推荐
具有SSL/TLS的PHP套接字
发布评论