1.2.841. No Weak SSL Crypto
When enabling PHP’s stream SSL, it is important to use a safe protocol.
All the SSL protocols (1.0, 2.0, 3.0) and TLS 1.0 are unsafe. The best is to use the most recent TLS, version 1.2.
Calls to stream_socket_enable_crypto() and curl_setopt() are checked. When the TLS transport protocol of PHP is used, PHP chooses the version by itself.
<?php
// This socket uses SSL v2, an unsafe protocol
$socket = 'sslv2://www.example.com';
// SSL/TLS services listen on port 443, not 80
$fp = fsockopen($socket, 443, $errno, $errstr, 30);
?>
See also Insecure Transportation Security Protocol Supported (TLS 1.0), The 2018 Guide to Building Secure PHP Software and Internet Domain: TCP, UDP, SSL, and TLS.
1.2.841.1. Suggestions
Use TLS transport, with version 1.2
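The suggestion applied to the two functions this rule checks, as an added example that is not part of the Exakat documentation. The function names and www.example.com are assumptions; the commented-out lines show the weak setting for contrast.

```php
<?php
// Added example: open_tls12_stream() and new_tls12_curl() are hypothetical helpers.

// Stream API: connect in clear over TCP, then upgrade the socket to TLS 1.2.
function open_tls12_stream(string $host, int $port = 443)
{
    $context = stream_context_create(['ssl' => [
        'verify_peer'      => true,   // validate the certificate chain
        'verify_peer_name' => true,   // and that it matches the host
        'peer_name'        => $host,
    ]]);
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 30,
                               STREAM_CLIENT_CONNECT, $context);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    // Weak (SSL v3), unsafe per the text above:
    //   stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
    $ok = stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
    if ($ok !== true) {
        // No silent fallback to an older protocol: fail closed.
        fclose($fp);
        throw new RuntimeException('TLS 1.2 handshake failed');
    }
    return $fp;
}

// cURL API: request TLS 1.2 through CURLOPT_SSLVERSION.
function new_tls12_curl(string $url)
{
    $ch = curl_init($url);
    // Weak (SSL v3), unsafe per the text above:
    //   curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
    curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    return $ch;
}

// Runs only when a host is given on the command line: php example.php www.example.com
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $fp = open_tls12_stream($argv[1]);
    $meta = stream_get_meta_data($fp);
    echo 'negotiated: ', $meta['crypto']['protocol'] ?? 'unknown', PHP_EOL;
    fclose($fp);
}
?>
```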
1.2.841.2. Specs
Short name | Security/NoWeakSSLCrypto
Rulesets |
Exakat since | 1.9.6
PHP Version | All
Severity | Minor
Time To Fix | Quick (30 mins)
Precision | High
Features | ssl
Available in |