I am using a PSP that recently switched to only support TLS 1.2 (as per PCI-DSS).
Within a php7 application, I can connect to their SOAP API. However, since their upgrade I am getting an SSL error indicating their server does not support my TLS version. I ran a wireshark and can confirm there is only a client hello, so server hello and it is on TLS 1.0.
I am using the following code:
$this->soapClient = new SoapClient('some/wsdl'), [
'location' => 'https://endpoint.of.server',
'soap_version' => SOAP_1_1,
'stream_context' => stream_context_create([
'ssl' => [
'local_cert' => '/path/to/client.crt',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
],
])
]);
However, this code still uses TLS 1.0 and not the desired TLS 1.2.
Versions
OpenSSL 1.1.0h 27 Mar 2018
PHP 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 (cli) ( NTS ).
As it turns out, the above code is 100% correct.
In my case, the error lay somewhere in the certificate. For still unknown reasons, our self-generated SSL client certificate did not cope well with TLS 1.2. After we generated a new certificate, everything worked like magic.
Things I've tried / verified
openssl verion (>= 1.0.1)Also, take a look at How to force a certain TLS version in a PHP stream context for the ssl:// transport?