Demonstrates the failure to capture the peer certificate when TLS verification fails.
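<?php
// Probe: does PHP populate ssl['peer_certificate'] (requested via
// 'capture_peer_cert') when the TLS handshake is rejected by verification?
// $host is deliberately NOT the real host name, so 'CN_match' fails and the
// handshake is refused; the var_dump() calls then show whether a certificate
// was captured despite the failure.  Two paths are tried: the https:// stream
// wrapper and an explicit stream_socket_enable_crypto() on a raw TCP socket.
$url  = 'https://www.packagist.org';
$host = 'xxx.packagist.org'; // intentionally wrong: forces a CN mismatch

// OpenSSL cipher string.  NOTE(review): the RC4 suites (ECDHE-RSA-RC4-SHA,
// ECDHE-ECDSA-RC4-SHA, RC4-SHA) are legacy and should be removed, or excluded
// with '!RC4', in anything other than a throw-away probe; they are left in
// place here so the negotiated cipher set of the original experiment is
// unchanged.
$ciphers = implode(':', array(
    'ECDHE-RSA-AES128-GCM-SHA256',
    'ECDHE-ECDSA-AES128-GCM-SHA256',
    'ECDHE-RSA-AES256-GCM-SHA384',
    'ECDHE-ECDSA-AES256-GCM-SHA384',
    'DHE-RSA-AES128-GCM-SHA256',
    'DHE-DSS-AES128-GCM-SHA256',
    'kEDH+AESGCM',
    'ECDHE-RSA-AES128-SHA256',
    'ECDHE-ECDSA-AES128-SHA256',
    'ECDHE-RSA-AES128-SHA',
    'ECDHE-ECDSA-AES128-SHA',
    'ECDHE-RSA-AES256-SHA384',
    'ECDHE-ECDSA-AES256-SHA384',
    'ECDHE-RSA-AES256-SHA',
    'ECDHE-ECDSA-AES256-SHA',
    'DHE-RSA-AES128-SHA256',
    'DHE-RSA-AES128-SHA',
    'DHE-DSS-AES128-SHA256',
    'DHE-RSA-AES256-SHA256',
    'DHE-DSS-AES256-SHA',
    'DHE-RSA-AES256-SHA',
    'AES128-GCM-SHA256',
    'AES256-GCM-SHA384',
    'ECDHE-RSA-RC4-SHA',   // legacy RC4 suite, see note above
    'ECDHE-ECDSA-RC4-SHA', // legacy RC4 suite, see note above
    'AES128',
    'AES256',
    'RC4-SHA',             // legacy RC4 suite, see note above
    'HIGH',
    '!aNULL',
    '!eNULL',
    '!EXPORT',
    '!DES',
    '!3DES',
    '!MD5',
    '!PSK'
));

// The SSL option set is built once and shared by both contexts below, so the
// two experiments cannot drift apart.
// 'CN_match' is the pre-5.6 way of pinning the expected host name; PHP 5.6+
// uses 'peer_name' / 'verify_peer_name' instead.
$ssl_options = array(
    'ciphers'             => $ciphers,
    'verify_peer'         => true,
    'cafile'              => '/etc/ssl/certs/ca-certificates.crt', // <-- EDIT FOR NON-DEBIAN/UBUNTU SYSTEMS
    'CN_match'            => $host,
    'verify_depth'        => 3,
    'disable_compression' => true,
    'SNI_enabled'         => true,
    'SNI_server_name'     => $host,
    'capture_peer_cert'   => true
);

// Experiment 1: https:// stream wrapper with the SSL context attached.
$ctx  = stream_context_create(array('ssl' => $ssl_options));
$body = file_get_contents($url, false, $ctx);
if ($body === false) {
    // Expected when verification rejects the handshake.  Do not feed false
    // to sha1(): that would silently print the digest of the empty string
    // and hide the failure.
    echo 'file_get_contents failed (TLS verification rejected?)', PHP_EOL;
} else {
    echo sha1($body), PHP_EOL;
}
$meta = stream_context_get_params($ctx);
var_dump($meta['options']['ssl']); // look for a 'peer_certificate' entry

// Experiment 2: plain TCP connection, then an explicit TLS handshake.
$ctx2   = stream_context_create(array('ssl' => $ssl_options));
$target = 'tcp://' . parse_url($url, PHP_URL_HOST) . ':443';
$socket = stream_socket_client($target, $errno, $errstr, 20, STREAM_CLIENT_CONNECT, $ctx2);
if ($socket === false) {
    // Without this check the enable_crypto() call below would operate on
    // false and the $errno/$errstr diagnostics would be lost.
    echo "stream_socket_client failed: [$errno] $errstr", PHP_EOL;
    exit(1);
}
$secure = stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
var_dump($secure); // false when the handshake or verification failed

// Inspect the context that is actually attached to $socket: $ctx2, not
// $ctx (the original dumped $ctx a second time, so this path was never
// really observed).
$meta2 = stream_context_get_params($ctx2);
var_dump($meta2['options']['ssl']);
fclose($socket);
exit;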