我正在编写一个简单的检查程序,您可以输入一个URL来检查输入的URL是否使用TLS 1.0,1.1或1.2。基本上我想要显示一条消息说" Yoursite.com正在使用TLS 1.0。建议禁用此功能。"
问题是,如果我是拨打电话的服务器,我只能弄明白。然后我可以使用this。这允许你编写一个Curl脚本,连接到howsmyssl.com,它将返回我用来连接的连接。这不是我想要的。
我想知道如何使用PHP连接到URL,并查看该服务器是否支持TLS1.0,1.1或1.2。
有办法做到这一点吗?
答案 0 :(得分:21)
这个怎么样:
<?php
$url = 'https://fancyssl.hboeck.de/';
$protocols = [
'TLS1.0' => ['protocol' => CURL_SSLVERSION_TLSv1_0, 'sec' => false],
'TLS1.1' => ['protocol' => CURL_SSLVERSION_TLSv1_1, 'sec' => false],
'TLS1.2' => ['protocol' => CURL_SSLVERSION_TLSv1_2, 'sec' => true],
'TLS1.3' => ['protocol' => CURL_SSLVERSION_TLSv1_3, 'sec' => true],
];
foreach ($protocols as $name => $value) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSLVERSION, $value['protocol']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch) !== false;
if ($value['sec'] && !$response) {
echo "Secure $name not supported =( \n";
} elseif ($value['sec'] && $response) {
echo "Ok! Secure $name supported \n";
} elseif (!$value['sec'] && $response) {
echo "Insecure $name supported =( \n";
} elseif (!$value['sec'] && !$response) {
echo "Ok! Insecure $name not supported\n";
}
}
输出是:
Ok! Insecure TLS1.0 not supported
Ok! Insecure TLS1.1 not supported
Ok! Secure TLS1.2 supported
Ok! Secure TLS1.3 supported
答案 1 :(得分:6)
<?php
$ch = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);
$json = json_decode($data);
echo $json->tls_version;
?>
$ json-&gt; tls_version可能就是你要找的东西。
答案 2 :(得分:4)
如果服务器有有效答案,您可以查看:
$site = 'google.com';
$ctx = stream_context_create(['ssl' => [
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
]]);
@$r = file_get_contents("https://$site/", FALSE, $ctx);
if ($r === false) {
$answer = "$site is using TLS 1.0. It is recommended to disable this";
}