ClientTlsContext
in package
Table of Contents
Constants
- TLSv1_0 = \STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
- TLSv1_1 = \STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
- TLSv1_2 = \STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
- TLSv1_3 = \STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT
- TLS_VERSIONS = ['TLSv1.0' => self::TLSv1_0, 'TLSv1.1' => self::TLSv1_1, 'TLSv1.2' => self::TLSv1_2, 'TLSv1.3' => self::TLSv1_3]
Properties
- $alpnProtocols : array<string|int, string>
- $caFile : string|null
- $caPath : string|null
- $capturePeer : bool
- $certificate : Certificate|null
- $ciphers : string|null
- $minVersion : int
- $peerFingerprint : array<string|int, mixed>|null
- $peerName : string
- $securityLevel : int
- $sniEnabled : bool
- $verifyDepth : int
- $verifyPeer : bool
Methods
- __construct() : mixed
- getApplicationLayerProtocols() : array<string|int, string>
- getCaFile() : null|string
- getCaPath() : null|string
- getCertificate() : Certificate|null
- getCiphers() : string
- getMinimumVersion() : int
- Returns the minimum TLS version to negotiate.
- getPeerFingerprints() : array<string|int, mixed>|null
- getPeerName() : null|string
- getSecurityLevel() : int
- getVerificationDepth() : int
- hasPeerCapturing() : bool
- hasPeerVerification() : bool
- hasSni() : bool
- toStreamContextArray() : array<string|int, mixed>
- Converts this TLS context into PHP's equivalent stream context array.
- toStreamCryptoMethod() : int
- withApplicationLayerProtocols() : self
- withCaFile() : self
- CAFile to check for trusted certificates.
- withCaPath() : self
- CAPath to check for trusted certificates.
- withCertificate() : self
- Client certificate to use. If no key is present, it is assumed to be in the same file as the certificate.
- withCiphers() : self
- List of ciphers to negotiate; the server's order is always preferred.
- withMinimumVersion() : self
- Minimum TLS version to negotiate.
- withoutPeerCapturing() : self
- Don't capture the certificates sent by the peer.
- withoutPeerFingerprints() : self
- withoutPeerVerification() : self
- Disable peer verification. This is the default for servers.
- withoutSni() : self
- Disable SNI.
- withPeerCapturing() : self
- Capture the certificates sent by the peer.
- withPeerFingerprint() : self
- withPeerFingerprints() : self
- withPeerName() : self
- Expected name of the peer.
- withPeerVerification() : self
- Enable peer verification.
- withSecurityLevel() : self
- Security level to use.
- withSni() : self
- Enable SNI.
- withVerificationDepth() : self
- Maximum chain length the peer might present including the certificates in the local trust store.
Constants
TLSv1_0
public
mixed
TLSv1_0
= \STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
TLSv1_1
public
mixed
TLSv1_1
= \STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
TLSv1_2
public
mixed
TLSv1_2
= \STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
TLSv1_3
public
mixed
TLSv1_3
= \STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT
TLS_VERSIONS
private
mixed
TLS_VERSIONS
= ['TLSv1.0' => self::TLSv1_0, 'TLSv1.1' => self::TLSv1_1, 'TLSv1.2' => self::TLSv1_2, 'TLSv1.3' => self::TLSv1_3]
Properties
$alpnProtocols
private
array<string|int, string>
$alpnProtocols
= []
$caFile
private
string|null
$caFile
= null
$caPath
private
string|null
$caPath
= null
$capturePeer
private
bool
$capturePeer
= false
$certificate
private
Certificate|null
$certificate
= null
$ciphers
private
string|null
$ciphers
= null
$minVersion
private
int
$minVersion
= self::TLSv1_2
$peerFingerprint
private
array<string|int, mixed>|null
$peerFingerprint
= null
$peerName
private
string
$peerName
$securityLevel
private
int
$securityLevel
= 2
$sniEnabled
private
bool
$sniEnabled
= true
$verifyDepth
private
int
$verifyDepth
= 10
$verifyPeer
private
bool
$verifyPeer
= true
Methods
__construct()
public
__construct([string $peerName = '' ]) : mixed
Parameters
- $peerName : string = ''
getApplicationLayerProtocols()
public
getApplicationLayerProtocols() : array<string|int, string>
Return values
array<string|int, string>
getCaFile()
public
getCaFile() : null|string
Return values
null|string —Path to the trusted certificates file if one is set, otherwise null.
getCaPath()
public
getCaPath() : null|string
Return values
null|string —Path to the trusted certificate directory if one is set, otherwise null.
getCertificate()
public
getCertificate() : Certificate|null
Return values
Certificate|null
getCiphers()
public
getCiphers() : string
Return values
string —List of ciphers in OpenSSL's format (colon separated).
getMinimumVersion()
Returns the minimum TLS version to negotiate.
public
getMinimumVersion() : int
Return values
int
getPeerFingerprints()
public
getPeerFingerprints() : array<string|int, mixed>|null
Return values
array<string|int, mixed>|null
getPeerName()
public
getPeerName() : null|string
Return values
null|string —Expected name of the peer or null if such an expectation doesn't exist.
getSecurityLevel()
public
getSecurityLevel() : int
Return values
int —Security level between 0 and 5. Always 0 for OpenSSL < 1.1.0.
getVerificationDepth()
public
getVerificationDepth() : int
Return values
int —Maximum length of the certificate chain.
hasPeerCapturing()
public
hasPeerCapturing() : bool
Return values
bool —Whether to capture the certificates sent by the peer.
hasPeerVerification()
public
hasPeerVerification() : bool
Return values
bool —Whether peer verification is enabled.
hasSni()
public
hasSni() : bool
Return values
bool —Whether SNI is enabled or not.
toStreamContextArray()
Converts this TLS context into PHP's equivalent stream context array.
public
toStreamContextArray() : array<string|int, mixed>
Return values
array<string|int, mixed> —Stream context array compatible with PHP's streams.
toStreamCryptoMethod()
public
toStreamCryptoMethod() : int
Return values
int —Crypto method compatible with PHP's streams.
withApplicationLayerProtocols()
public
withApplicationLayerProtocols(array<string|int, string> $protocols) : self
Parameters
- $protocols : array<string|int, string>
Return values
self —Cloned, modified instance.
withCaFile()
CAFile to check for trusted certificates.
public
withCaFile([string|null $cafile = null ]) : self
Parameters
- $cafile : string|null = null
  Path to the file or null to unset.
Return values
self —Cloned, modified instance.
withCaPath()
CAPath to check for trusted certificates.
public
withCaPath([string|null $capath = null ]) : self
Parameters
- $capath : string|null = null
  Path to the directory or null to unset.
Return values
self —Cloned, modified instance.
withCertificate()
Client certificate to use. If no key is present, it is assumed to be in the same file as the certificate.
public
withCertificate([Certificate $certificate = null ]) : self
Parameters
- $certificate : Certificate = null
  Certificate and private key info
Return values
self —Cloned, modified instance.
withCiphers()
List of ciphers to negotiate; the server's order is always preferred.
public
withCiphers([string|null $ciphers = null ]) : self
Parameters
- $ciphers : string|null = null
  List of ciphers in OpenSSL's format (colon separated).
Return values
self —Cloned, modified instance.
withMinimumVersion()
Minimum TLS version to negotiate.
public
withMinimumVersion(int $version) : self
Defaults to TLS 1.2.
Parameters
- $version : int
  One of the ClientTlsContext::TLSv* constants.
Return values
self —Cloned, modified instance.
withoutPeerCapturing()
Don't capture the certificates sent by the peer.
public
withoutPeerCapturing() : self
Return values
self —Cloned, modified instance.
withoutPeerFingerprints()
public
withoutPeerFingerprints() : self
Return values
self
withoutPeerVerification()
Disable peer verification. This is the default for servers.
public
withoutPeerVerification() : self
Warning: You usually shouldn't disable this setting for clients, because it allows active MitM attackers to intercept the communication and change it without anyone noticing.
Return values
self —Cloned, modified instance.
withoutSni()
Disable SNI.
public
withoutSni() : self
Return values
self —Cloned, modified instance.
withPeerCapturing()
Capture the certificates sent by the peer.
public
withPeerCapturing() : self
Note: This is the chain as sent by the peer, NOT the verified chain.
Return values
self —Cloned, modified instance.
withPeerFingerprint()
public
withPeerFingerprint(string $fingerprint) : self
Parameters
- $fingerprint : string
Return values
self
withPeerFingerprints()
public
withPeerFingerprints(array<string|int, mixed> $fingerprints) : self
Parameters
- $fingerprints : array<string|int, mixed>
Return values
self
withPeerName()
Expected name of the peer.
public
withPeerName(string $peerName) : self
Parameters
- $peerName : string
Return values
self —Cloned, modified instance.
withPeerVerification()
Enable peer verification.
public
withPeerVerification() : self
Return values
self —Cloned, modified instance.
withSecurityLevel()
Security level to use.
public
withSecurityLevel(int $level) : self
Requires OpenSSL 1.1.0 or higher.
Parameters
- $level : int
  Must be between 0 and 5.
Return values
self —Cloned, modified instance.
withSni()
Enable SNI.
public
withSni() : self
Return values
self —Cloned, modified instance.
withVerificationDepth()
Maximum chain length the peer might present including the certificates in the local trust store.
public
withVerificationDepth(int $verifyDepth) : self
Parameters
- $verifyDepth : int
  Maximum length of the certificate chain.
Return values
self —Cloned, modified instance.
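
The warning on withoutPeerVerification() and the note on withPeerCapturing() can be turned into a pre-connection check. The following is an added example, not code from the library or its authors: `auditClientTlsContext()` is a hypothetical helper, the `Amp\Socket` namespace and the Composer autoloader path are assumptions, and the host name is constructed.

```php
<?php
// Added example; assumes the library is installed via Composer.
// The Amp\Socket namespace is an assumption: this page does not name the package.
require __DIR__ . '/vendor/autoload.php';

use Amp\Socket\ClientTlsContext;

/**
 * Hypothetical helper: lists settings that weaken a client context,
 * using only the getters documented on this page.
 * @return string[]
 */
function auditClientTlsContext(ClientTlsContext $ctx): array
{
    $findings = [];
    if (!$ctx->hasPeerVerification()) {
        $findings[] = 'peer verification is disabled (active MitM can go unnoticed)';
        if ($ctx->hasPeerCapturing()) {
            // Captured certificates are the chain as sent, NOT a verified chain.
            $findings[] = 'captured peer certificates are unverified input';
        }
    }
    // The TLSv* constants map to PHP stream crypto flags whose values grow
    // with the protocol version, so a numeric comparison orders them.
    if ($ctx->getMinimumVersion() < ClientTlsContext::TLSv1_2) {
        $findings[] = 'minimum TLS version is below the TLS 1.2 default';
    }
    // Default is 2; getSecurityLevel() always reports 0 on OpenSSL < 1.1.0.
    if ($ctx->getSecurityLevel() < 2) {
        $findings[] = 'security level is below the default of 2';
    }
    if ($ctx->getPeerName() === null) {
        $findings[] = 'no expected peer name is set on the context';
    }
    return $findings;
}

// Constructed contexts: one weakened, one left at the documented defaults.
$weak = (new ClientTlsContext('api.example.test'))
    ->withoutPeerVerification()
    ->withPeerCapturing()
    ->withMinimumVersion(ClientTlsContext::TLSv1_0);
$strict = new ClientTlsContext('api.example.test');

foreach (['weak' => $weak, 'strict' => $strict] as $label => $ctx) {
    $findings = auditClientTlsContext($ctx);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'no findings', PHP_EOL;
}
```

Because every with*() method returns a cloned instance, the audit has to run on the context that is actually passed to the connection, not on an earlier copy.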