PHP :: Bug #73388 :: STREAM_CRYPTO_METHOD_TLS_CLIENT restricted to TLS1.0 only

Bug #73388

STREAM_CRYPTO_METHOD_TLS_CLIENT restricted to TLS1.0 only

Submitted:

2016-10-26 07:48 UTC

Modified:

2017-07-30 17:54 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

arjen at parse dot nl

Assigned:

bukka (profile)

Status:

Closed

Package:

OpenSSL related

PHP Version:

7.0.12

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	arjen at parse dot nl
New email:
PHP Version:		OS:

New Comment:

[2016-10-26 07:48 UTC] arjen at parse dot nl

Description:
------------
In 5.6 some openssl improvements were made: http://php.net/manual/en/migration56.openssl.php

The changelog mentions STREAM_CRYPTO_METHOD_TLS_CLIENT as constant for any TLS version.

Because of BC, this was reverted in https://bugs.php.net/bug.php?id=69195

STREAM_CRYPTO_METHOD_TLS_CLIENT is now TLSv1.0 only, while STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

(see http://php.net/manual/en/function.stream-socket-enable-crypto.php#119122)

We started using the STREAM_CRYPTO_METHOD_TLS_CLIENT constant with 5.6.0 and now found out we couldn't connect to a service only supporting TLS v1.1 and v1.2 So by following the changelog and using a TLS_CLIENT specific constant, we ended up in a situation with WORSE TLS version support...

A quick search on github on STREAM_CRYPTO_METHOD_TLS_CLIENT language:PHP returns 207,607 occurrences, while STREAM_CRYPTO_METHOD_SSLv23_CLIENT returns 28,956 results.

Solution: STREAM_CRYPTO_METHOD_TLS_CLIENT should also enable STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-10-26 07:56 UTC] arjen at parse dot nl

And the STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT constant created in https://github.com/php/php-src/commit/10bc5fd4c4c8e1dd57bd911b086e9872a56300a0 should be exposed as constant in userland in https://github.com/php/php-src/blob/6053987bc27e8dede37f437193a5cad448f99bce/ext/standard/file.c#L223

[2016-10-26 09:11 UTC] kalle@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: rdlowrey

[2016-10-26 09:11 UTC] kalle@php.net

It seems reasonable to expose this constant, assigning it to you Daniel as you did the bug fix commit back then :)

[2016-10-26 09:42 UTC] arjen at parse dot nl

STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT should be exposed and should match all future TLS version (like 1.3).

AND the existing STREAM_CRYPTO_METHOD_TLS_CLIENT should be updated to include STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT (and possibly no future TLS versions). Just like STREAM_CRYPTO_METHOD_SSLv23_CLIENT got it added in 5.6.7.

Why add it to the STREAM_CRYPTO_METHOD_SSLv23_CLIENT constant and not STREAM_CRYPTO_METHOD_TLS_CLIENT? It makes no sense. People upgrading their code from SSLv23_CLIENT (sounds pretty old) to TLS_CLIENT get worse protocol support.


STREAM_CRYPTO_METHOD_TLS_CLIENT

PHP 		TLS 1.0		TLS 1.1 	TLS 1.2		SSL23
5.5.x:		+		no supported 	not supported	-
5.6.0-5.6.6	+		+		+		-
5.6.7-		+		-		-		-


STREAM_CRYPTO_METHOD_SSLv23_CLIENT

PHP 		TLS 1.0		TLS 1.1 	TLS 1.2		SSL23
5.5.x:		+		no supported 	not supported	+
5.6.0-5.6.6	-		-		-		+
5.6.7-		+		+		+		-

[2016-11-02 08:35 UTC] bwoebi@php.net

I fundamentally agree here.

We cannot change STREAM_CRYPTO_METHOD_SSLv23_CLIENT due to it meaning worse support, but I suppose we're safe changing STREAM_CRYPTO_METHOD_TLS_CLIENT (and the _SERVER counterpart) to any TLS version.

At that point adding STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT is useless.

What I would recommend however, is a constant for each TLS version supporting that version *and all higher versions*.

I.e.

STREAM_CRYPTO_METHOD_MINIMUM_TLSv1_0_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_MINIMUM_TLSv1_1_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_MINIMUM_TLSv1_2_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

And when TLSv1.3 gets added, it automatically is added to these constants. Which is what you typically want, I think.

[2016-11-02 11:53 UTC] arjen at parse dot nl

I don't think introducing more constants makes it safer..

If STREAM_CRYPTO_METHOD_MINIMUM_TLSv1_0_CLIENT is created and TLSv1_0 is considered insecure, what would happen to the constant? Modified to NOT include v1_0? Dropped?

If we define STREAM_CRYPTO_METHOD_TLS_CLIENT as the 'recommended/safe set of TLS versions', new TLS versions (1.3) can be added and once TLS 1.0 is considered insecure it can be removed. Like what has been done to STREAM_CRYPTO_METHOD_SSLv23_CLIENT, but without the confusing name.

If a developer wants to explicitly choose which versions to support, he should create his own constant with a combination of STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

Changes to the STREAM_CRYPTO_METHOD_TLS_CLIENT constant should be mentioned in the CHANGES file, so developers could choose to pick their own set of versions.

[2017-04-28 15:19 UTC] bukka@php.net

-Assigned To: rdlowrey +Assigned To: bukka

[2017-04-28 15:19 UTC] bukka@php.net

I'm re-assigning to myself as Daniel seems to be inactive and this has also relation to OpenSSL 1.1 upgrade where single protocol specification is deprecated. I would really like to move completely away from the crypto_method API (at least inernally we will have to). I think there also is an issue with protocol holes like skipping 1.1 if you specify just 1.0 and 1.2 for example which might cause some issues.

What I think we should do is to just specify min and max protocol version. It means using

https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_min_proto_version.html

in OpenSSL 1.1 and backport the behaviour to 1.0.{1,2} (just using set of crypto methods). 

From the user point of view I would imagine introducing two new stream context options - min_proto and max_proto. We could still support crypto_method for a while (we should however warn about protocol holes) and going forward deprecate it as well as deprecate specific protocol streams - tlsv1.0 and so on and keep just tls and ssl.

[2017-07-30 17:54 UTC] bukka@php.net

-Status: Assigned +Status: Closed

[2017-07-30 17:54 UTC] bukka@php.net

This has been addressed by https://wiki.php.net/rfc/improved-tls-constants which is part of 7.2

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Aug 30 08:00:03 2025 UTC