ServerTlsContext
in package
Table of Contents
Constants
- TLSv1_0 = \STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
- TLSv1_1 = \STREAM_CRYPTO_METHOD_TLSv1_1_SERVER
- TLSv1_2 = \STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
- TLSv1_3 = \STREAM_CRYPTO_METHOD_TLSv1_3_SERVER
- TLS_VERSIONS = ['TLSv1.0' => self::TLSv1_0, 'TLSv1.1' => self::TLSv1_1, 'TLSv1.2' => self::TLSv1_2, 'TLSv1.3' => self::TLSv1_3]
Properties
- $alpnProtocols : array<string|int, string>
- $caFile : string|null
- $caPath : string|null
- $capturePeer : bool
- $certificates : array<string|int, Certificate>
- $ciphers : string|null
- $defaultCertificate : Certificate|null
- $minVersion : int
- $peerName : string|null
- $securityLevel : int
- $verifyDepth : int
- $verifyPeer : bool
Methods
- fromServerResource() : self|null
- getApplicationLayerProtocols() : array<string|int, string>
- getCaFile() : null|string
- getCaPath() : null|string
- getCertificates() : array<string|int, mixed>
- getCiphers() : string
- getDefaultCertificate() : Certificate|null
- getMinimumVersion() : int
- Returns the minimum TLS version to negotiate.
- getPeerName() : null|string
- getSecurityLevel() : int
- getVerificationDepth() : int
- hasPeerCapturing() : bool
- hasPeerVerification() : bool
- toStreamContextArray() : array<string|int, mixed>
- Converts this TLS context into PHP's equivalent stream context array.
- toStreamCryptoMethod() : int
- withApplicationLayerProtocols() : self
- withCaFile() : self
- CAFile to check for trusted certificates.
- withCaPath() : self
- CAPath to check for trusted certificates.
- withCertificates() : self
- Certificates to use for the given host names.
- withCiphers() : self
- List of ciphers to negotiate; the server's order is always preferred.
- withDefaultCertificate() : self
- Default certificate to use in case no SNI certificate matches.
- withMinimumVersion() : self
- Minimum TLS version to negotiate.
- withoutPeerCapturing() : self
- Don't capture the certificates sent by the peer.
- withoutPeerVerification() : self
- Disable peer verification; this is the default for servers.
- withPeerCapturing() : self
- Capture the certificates sent by the peer.
- withPeerName() : self
- Expected name of the peer.
- withPeerVerification() : self
- Enable peer verification.
- withSecurityLevel() : self
- Security level to use.
- withVerificationDepth() : self
- Maximum chain length the peer might present including the certificates in the local trust store.
Constants
TLSv1_0
public mixed TLSv1_0 = \STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
TLSv1_1
public mixed TLSv1_1 = \STREAM_CRYPTO_METHOD_TLSv1_1_SERVER
TLSv1_2
public mixed TLSv1_2 = \STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
TLSv1_3
public mixed TLSv1_3 = \STREAM_CRYPTO_METHOD_TLSv1_3_SERVER
TLS_VERSIONS
private mixed TLS_VERSIONS = ['TLSv1.0' => self::TLSv1_0, 'TLSv1.1' => self::TLSv1_1, 'TLSv1.2' => self::TLSv1_2, 'TLSv1.3' => self::TLSv1_3]
Properties
$alpnProtocols
private array<string|int, string> $alpnProtocols = []
$caFile
private string|null $caFile = null
$caPath
private string|null $caPath = null
$capturePeer
private bool $capturePeer = false
$certificates
private array<string|int, Certificate> $certificates = []
$ciphers
private string|null $ciphers = null
$defaultCertificate
private Certificate|null $defaultCertificate = null
$minVersion
private int $minVersion = self::TLSv1_2
$peerName
private string|null $peerName = null
$securityLevel
private int $securityLevel = 2
$verifyDepth
private int $verifyDepth = 10
$verifyPeer
private bool $verifyPeer = false
Methods
fromServerResource()
public
static fromServerResource(resource $socket) : self|null
Parameters
- $socket : resource
Return values
self|null
getApplicationLayerProtocols()
public
getApplicationLayerProtocols() : array<string|int, string>
Return values
array<string|int, string>
getCaFile()
public
getCaFile() : null|string
Return values
null|string — Path to the trusted certificates file if one is set, otherwise null.
getCaPath()
public
getCaPath() : null|string
Return values
null|string — Path to the trusted certificate directory if one is set, otherwise null.
getCertificates()
public
getCertificates() : array<string|int, mixed>
Return values
array<string|int, mixed> — Associative array mapping hostnames to certificate instances.
getCiphers()
public
getCiphers() : string
Return values
string — List of ciphers in OpenSSL's format (colon separated).
getDefaultCertificate()
public
getDefaultCertificate() : Certificate|null
Return values
Certificate|null — Default certificate to use in case no SNI certificate matches, or null if unset.
getMinimumVersion()
Returns the minimum TLS version to negotiate.
public
getMinimumVersion() : int
Return values
int
getPeerName()
public
getPeerName() : null|string
Return values
null|string — Expected name of the peer or null if such an expectation doesn't exist.
getSecurityLevel()
public
getSecurityLevel() : int
Return values
int — Security level between 0 and 5. Always 0 for OpenSSL < 1.1.0.
getVerificationDepth()
public
getVerificationDepth() : int
Return values
int — Maximum length of the certificate chain.
hasPeerCapturing()
public
hasPeerCapturing() : bool
Return values
bool — Whether to capture the certificates sent by the peer.
hasPeerVerification()
public
hasPeerVerification() : bool
Return values
bool — Whether peer verification is enabled.
toStreamContextArray()
Converts this TLS context into PHP's equivalent stream context array.
public
toStreamContextArray() : array<string|int, mixed>
Return values
array<string|int, mixed> — Stream context array compatible with PHP's streams.
toStreamCryptoMethod()
public
toStreamCryptoMethod() : int
Return values
int — Crypto method compatible with PHP's streams.
withApplicationLayerProtocols()
public
withApplicationLayerProtocols(array<string|int, string> $protocols) : self
Parameters
- $protocols : array<string|int, string>
Return values
self — Cloned, modified instance.
withCaFile()
CAFile to check for trusted certificates.
public
withCaFile([string|null $cafile = null ]) : self
Parameters
- $cafile : string|null = null
- Path to the file or null to unset.
Return values
self — Cloned, modified instance.
withCaPath()
CAPath to check for trusted certificates.
public
withCaPath([string|null $capath = null ]) : self
Parameters
- $capath : string|null = null
- Path to the directory or null to unset.
Return values
self — Cloned, modified instance.
withCertificates()
Certificates to use for the given host names.
public
withCertificates(array<string|int, mixed> $certificates) : self
Parameters
- $certificates : array<string|int, mixed>
- Must be an associative array mapping hostnames to certificate instances.
Return values
self — Cloned, modified instance.
withCiphers()
List of ciphers to negotiate; the server's order is always preferred.
public
withCiphers([string|null $ciphers = null ]) : self
Parameters
- $ciphers : string|null = null
- List of ciphers in OpenSSL's format (colon separated).
Return values
self — Cloned, modified instance.
withDefaultCertificate()
Default certificate to use in case no SNI certificate matches.
public
withDefaultCertificate([Certificate|null $defaultCertificate = null ]) : self
Parameters
- $defaultCertificate : Certificate|null = null
Return values
self — Cloned, modified instance.
withMinimumVersion()
Minimum TLS version to negotiate.
public
withMinimumVersion(int $version) : self
Defaults to TLS 1.2.
Parameters
- $version : int
- One of the ServerTlsContext::TLSv* constants.
Return values
self — Cloned, modified instance.
withoutPeerCapturing()
Don't capture the certificates sent by the peer.
public
withoutPeerCapturing() : self
Return values
self — Cloned, modified instance.
withoutPeerVerification()
Disable peer verification; this is the default for servers.
public
withoutPeerVerification() : self
Return values
self — Cloned, modified instance.
withPeerCapturing()
Capture the certificates sent by the peer.
public
withPeerCapturing() : self
Note: This is the chain as sent by the peer, NOT the verified chain.
Return values
self — Cloned, modified instance.
withPeerName()
Expected name of the peer.
public
withPeerName([string|null $peerName = null ]) : self
Parameters
- $peerName : string|null = null
Return values
self — Cloned, modified instance.
withPeerVerification()
Enable peer verification.
public
withPeerVerification() : self
Return values
self — Cloned, modified instance.
withSecurityLevel()
Security level to use.
public
withSecurityLevel(int $level) : self
Requires OpenSSL 1.1.0 or higher.
Parameters
- $level : int
- Must be between 0 and 5.
Return values
self — Cloned, modified instance.
withVerificationDepth()
Maximum chain length the peer might present including the certificates in the local trust store.
public
withVerificationDepth(int $verifyDepth) : self
Parameters
- $verifyDepth : int
- Maximum length of the certificate chain.
Return values
self — Cloned, modified instance.
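The following is an added example, not code from the library or its documentation: it builds a server context that requires client certificates and then audits it using only the getters listed above. It assumes the classes live in the `Amp\Socket` namespace of a Composer-installed amphp/socket and that `Certificate` takes the PEM path as its first constructor argument; `auditServerTlsContext()` and the file paths are hypothetical.

```php
<?php
// Added example. Assumptions: Composer autoloader, Amp\Socket namespace,
// placeholder PEM paths. auditServerTlsContext() is a hypothetical helper.
require __DIR__ . '/vendor/autoload.php';

use Amp\Socket\Certificate;
use Amp\Socket\ServerTlsContext;

/** Returns a list of human-readable findings for a server TLS context. */
function auditServerTlsContext(ServerTlsContext $ctx): array
{
    $findings = [];
    $legacy = [ServerTlsContext::TLSv1_0, ServerTlsContext::TLSv1_1];

    if (in_array($ctx->getMinimumVersion(), $legacy, true)) {
        $findings[] = 'minimum version is below TLS 1.2';
    }
    // getSecurityLevel() is always 0 on OpenSSL < 1.1.0, so old builds are flagged too.
    if ($ctx->getSecurityLevel() < 2) {
        $findings[] = 'security level is below the default of 2';
    }
    if ($ctx->hasPeerVerification() && $ctx->getCaFile() === null && $ctx->getCaPath() === null) {
        $findings[] = 'peer verification enabled without an explicit CA file or path';
    }
    // The captured chain is the chain as sent by the peer, not the verified chain.
    if ($ctx->hasPeerCapturing() && !$ctx->hasPeerVerification()) {
        $findings[] = 'peer certificates are captured but never verified';
    }
    if ($ctx->getDefaultCertificate() === null && $ctx->getCertificates() === []) {
        $findings[] = 'no default or SNI certificate configured';
    }
    return $findings;
}

// Each with*() call returns a clone, so the chain must be assigned.
$context = (new ServerTlsContext())
    ->withDefaultCertificate(new Certificate('/path/to/server.pem')) // placeholder
    ->withMinimumVersion(ServerTlsContext::TLSv1_2)
    ->withCaFile('/path/to/client-ca.pem')  // placeholder: CA issuing client certs
    ->withPeerVerification()                // off by default for servers
    ->withVerificationDepth(3)
    ->withPeerCapturing();

foreach (auditServerTlsContext($context) as $finding) {
    echo "WARN: {$finding}\n";
}
```

A freshly constructed `ServerTlsContext` passed to the same helper reports the missing certificate, since `$certificates` defaults to `[]` and `$defaultCertificate` to `null`.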