Bug #76575 PDO does not support EC crypto
Submitted: 2018-07-03 23:53 UTC Modified: 2018-07-03 23:59 UTC
From: 2ce27k7518ek at opayq dot com Assigned:
Status: Open Package: PDO MySQL
PHP Version: 7.2.7 OS: any
Private report: No CVE-ID: None
 [2018-07-03 23:53 UTC] 2ce27k7518ek at opayq dot com
It's not possible to use elliptic curve certs/ciphers for SSL pdo_mysql connection

Actual result:
I'm running php 7.2.7 on linux

	php -v
		PHP 7.2.7-dev (cli) (built: Jun 23 2018 08:57:14) ( NTS )
		Copyright (c) 1997-2018 The PHP Group
		Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
		    with Zend OPcache v7.2.7-dev, Copyright (c) 1999-2018, by Zend Technologies

pdo exts are built with config


openssl is

	openssl version
		OpenSSL 1.1.0h  27 Mar 2018

sql/ssl extensions loaded include

	php -m |egrep "pdo|ssl|sql"

My DB is

	mariadb_config --version --tlsinfo --socket
		OpenSSL 1.1.0h

I use driver == pdo_mysql for connections in a Symfony4+Doctrine app.

Without SSL, connections work as expected -- both from within app via pdo, and from shell using native mysql client

Adding SSL to the mix, from shell using native mysql client, works

	mysql \
	 -h localhost \
	 -u ${DBUSER} \
	 --password=${DBPASS} \
	 --ssl-ca=${SSL_CA_CERT} \
	 --ssl-cert=${SSL_CERT} \
	 --ssl-key=${SSL_PRIVKEY} \
	 --ssl-cipher=${SSL_CIPHERS} \
	 --ssl-verify-server-cert \

	MariaDB [testdb]> status;
		mysql  Ver 15.1 Distrib 10.3.8-MariaDB, for Linux (x86_64) using readline 5.1

		Connection id:          16
		Current database:       testdb
		Current user:           testuser@localhost
		SSL:                    Cipher in use is ECDHE-ECDSA-CHACHA20-POLY1305
		Current pager:          /usr/bin/less
		Using outfile:          ''
		Using delimiter:        ;
		Server:                 MariaDB
		Server version:         10.3.8-MariaDB-log Source distribution
		Protocol version:       10
		Connection:             Localhost via UNIX socket
		Server characterset:    utf8mb4
		Db     characterset:    utf8mb4
		Client characterset:    utf8mb4
		Conn.  characterset:    utf8mb4
		UNIX socket:            /var/cache/mariadb/mariadb.sock
		Uptime:                 54 min 34 sec

		Threads: 8  Questions: 27  Slow queries: 0  Opens: 17  Flush tables: 1  Open tables: 11  Queries per second avg: 0.008

But, using same ENV (certs, privkey, cipherspec), with key config in PHP app,

    !php/const:PDO::MYSQL_ATTR_SSL_CA:     '%env(SSL_CA_CERT)%'
    !php/const:PDO::MYSQL_ATTR_SSL_CERT:   '%env(SSL_CERT)%'
    !php/const:PDO::MYSQL_ATTR_SSL_KEY:    '%env(SSL_PRIVKEY)%'
    !php/const:PDO::MYSQL_ATTR_SSL_CIPHER: '%env(SSL_CIPHERS)%'

on attempt to connect from within app, e.g., on exec of

	bin/console doctrine:phpcr:init:dbal --force

fails, returning

	In AbstractMySQLDriver.php line 112:
	  An exception occurred in driver: SQLSTATE[HY000] [2002]  

	In PDOConnection.php line 50:
	  SQLSTATE[HY000] [2002]

	In PDOConnection.php line 46:
	  SQLSTATE[HY000] [2002]

	In PDOConnection.php line 46:
	  PDO::__construct(): this stream does not support SSL/crypto

The notable error being

	"PDO::__construct(): this stream does not support SSL/crypto"

Digging around, this is apparently due to a lack of EC support in pdo_mysql.

My certs/keys are EC, and my cipher spec is limited to


which is widely/consistently used across all our internal servers & services.

Apparently, EC support was added long ago for ext/openssl

	Request #61204 	Add elliptic curve support for OpenSSL
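A way to check the same connection from PHP outside Symfony/Doctrine, as an added example that is not part of the original report or of PHP itself: it prints the key type of the client certificate, attempts the PDO connection with the report's SSL attributes, and prints the cipher the server says was negotiated. It assumes the report's environment variables (`DBUSER`, `DBPASS`, `SSL_CA_CERT`, `SSL_CERT`, `SSL_PRIVKEY`, `SSL_CIPHERS`) plus two hypothetical ones, `DBHOST` and `DBNAME`, and a TCP connection on port 3306.

```php
<?php
// Added diagnostic sketch; not code from the bug report or from php-src.
// DBUSER, DBPASS and SSL_* are the report's variables; DBHOST and DBNAME are
// hypothetical additions. DBHOST should be a name the server certificate covers.
function envOr(string $name, string $default = ''): string
{
    $v = getenv($name);
    return $v === false ? $default : $v;
}

// Public-key algorithm of the client certificate, read through ext/openssl.
function certKeyType(string $certFile): string
{
    $pem  = @file_get_contents($certFile);
    $cert = $pem === false ? false : @openssl_x509_read($pem);
    $key  = $cert === false ? false : openssl_pkey_get_public($cert);
    if ($key === false) {
        return 'unreadable';
    }
    $names = [OPENSSL_KEYTYPE_RSA => 'RSA', OPENSSL_KEYTYPE_EC => 'EC'];
    return $names[openssl_pkey_get_details($key)['type']] ?? 'other';
}

// TCP is used deliberately: host=localhost would select the UNIX socket.
$dsn = sprintf('mysql:host=%s;port=3306;dbname=%s',
    envOr('DBHOST', '127.0.0.1'), envOr('DBNAME', 'testdb'));
$options = [
    PDO::ATTR_ERRMODE                      => PDO::ERRMODE_EXCEPTION,
    PDO::MYSQL_ATTR_SSL_CA                 => envOr('SSL_CA_CERT'),
    PDO::MYSQL_ATTR_SSL_CERT               => envOr('SSL_CERT'),
    PDO::MYSQL_ATTR_SSL_KEY                => envOr('SSL_PRIVKEY'),
    PDO::MYSQL_ATTR_SSL_CIPHER             => envOr('SSL_CIPHERS'),
    PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
];

printf("stream transports: %s\n", implode(', ', stream_get_transports()));
printf("client cert key:   %s\n", certKeyType(envOr('SSL_CERT')));
try {
    $pdo    = new PDO($dsn, envOr('DBUSER'), envOr('DBPASS'), $options);
    $row    = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_NUM);
    $cipher = $row === false ? '' : (string) $row[1];
    if ($cipher === '') {           // connected, but the session is plaintext
        fwrite(STDERR, "connected WITHOUT TLS\n");
        exit(2);
    }
    printf("negotiated cipher: %s\n", $cipher);
} catch (PDOException $e) {
    fwrite(STDERR, 'connect failed: ' . $e->getMessage() . "\n");
    exit(1);
}
```

Exit status 0 means a TLS session was established, 2 means the connection succeeded without TLS, and 1 means the connection failed with the driver's message printed to stderr.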


 [2018-07-03 23:59 UTC] 2ce27k7518ek at opayq dot com
-Summary: SSL fails w/EC crt: "PDO::__construct(): this stream does not support SSL/crypt
+Summary: PDO does not support EC crypto
 [2018-07-03 23:59 UTC] 2ce27k7518ek at opayq dot com
fix title
