English
English
In modern network applications, secure communication is particularly important. PHP provides a rich network programming interface, combining socket functions and TLS/SSL encryption protocols to achieve secure encrypted communication. This article will focus on how to use PHP's socket_accept() function to achieve secure connections with TLS/SSL.
socket_accept() : This is an important function of socket programming in PHP, which is used to accept client connection requests and return a new socket resource for subsequent communication.
TLS/SSL : Transport Layer Security, used to encrypt communication content and ensure the security of data transmission.
On the server side, sockets are usually created first, binding addresses and ports are bound to listen for connection requests. After receiving the client request, call socket_accept() to accept the connection, and then the data can be read or written.
$server = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_bind($server, '0.0.0.0', 4433);
socket_listen($server);
$client = socket_accept($server);
$data = socket_read($client, 2048);
socket_write($client, "Hello Client!");
socket_close($client);
socket_close($server);
The above example code is simple unencrypted communication.
PHP's own socket_* function does not directly support SSL/TLS, but can be used to implement secure communication with OpenSSL extension.
After receiving the socket resource connected to the client, use stream_socket_enable_crypto() to enable encryption.
// createTCP socket
$server = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_bind($server, '0.0.0.0', 4433);
socket_listen($server);
// Accept client connections
$clientSocket = socket_accept($server);
if ($clientSocket === false) {
die("Failed to accept socket connection\n");
}
// Will socket Transform resources into stream resource,Easy to use stream_socket_enable_crypto()
$clientStream = socket_export_stream($clientSocket);
if ($clientStream === false) {
die("Failed to convert socket to stream\n");
}
// set up SSL Context,Contains certificate and private key
$contextOptions = [
'ssl' => [
'local_cert' => '/path/to/certificate.pem', // Server Certificate File
'local_pk' => '/path/to/private_key.pem', // Private key file
'allow_self_signed' => true,
'verify_peer' => false,
]
];
$context = stream_context_create($contextOptions);
// start up TLS encryption
if (!stream_socket_enable_crypto($clientStream, true, STREAM_CRYPTO_METHOD_TLS_SERVER, $context)) {
die("Failed to enable TLS encryption\n");
}
// Read client data
$data = fread($clientStream, 2048);
echo "Received (decrypted): " . $data . "\n";
// 向客户端发送encryption数据
fwrite($clientStream, "Welcome to secure PHP server!");
// Close the connection
fclose($clientStream);
socket_close($server);
Certificate preparation : local_cert and local_pk files must be valid certificates and private keys, and the certificates should be issued by a trusted CA, or self-signed (as shown in the example).
socket_export_stream() : Convert a low-level socket resource into a resource that can be operated by streaming, and then stream_socket_enable_crypto() can be used.
Error handling : The production environment should do a good job in error capture and logging.
Secure chat service : The communication content between the client and the server needs to be encrypted to prevent data from being eavesdropped or tampered with.
Private data transmission : Enterprise internal services require encryption for sensitive data transmission.
Custom protocol security upgrade : custom protocol based on socket can be implemented through TLS to improve security.
After receiving the connection with PHP socket_accept() , the stream_socket_enable_crypto() that is extended by OpenSSL can be easily implemented secure encrypted communication based on TLS/SSL. Although this is difficult for beginners, once mastered, it can effectively improve the security of network applications.
