使用SSL将PHP转换为MySQL
[英]PHP to MySQL using SSL
问题描述
I have a remote MySQL Server that requires me to use SSL for connections. 
我有一个远程MySQL Server,要求我使用SSL进行连接。 I can connect to it using my terminal. 我可以使用终端连接到它。 But when I try to connect to it using PHP, I get the following error: 但是,当我尝试使用PHP连接到它时,出现以下错误:
SSL3_GET_RECORD:wrong version number
It seems like the OPENSSL Handshake fails and the reason could be that my PHP is trying to connect to it using SSL3. 似乎OPENSSL握手失败,原因可能是我的PHP试图使用SSL3连接到它。 The MySQL Server supports only TLSv1.2. MySQL服务器仅支持TLSv1.2。 Is there a way to force PHP to connect using TLSv1.2 ? 有没有一种方法可以强制PHP使用TLSv1.2连接?
Here is my code used to connect: 这是我用于连接的代码:
<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);
$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$db->ssl_set(NULL, NULL, '/path/to/ca-cert.pem' , NULL, NULL);
$link = mysqli_real_connect ($db, 'hostname', 'user', 'password', 'dbname', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
} else {
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();
}
?>
Things I have tried and possible problems: 我尝试过的事情和可能出现的问题:
- Seems like openssl version mismatch. 好像openssl版本不匹配。 I can connect using my terminal and not PHP, so I checked my openssl version in the terminal with the one I get using phpinfo(), they were the same 我可以使用终端而不是PHP进行连接,因此我在终端中使用phpinfo()获得了一个我的openssl版本,它们是相同的
- PHP is possibly using SSL3 to connect, and the server only supports TLSv1.2, I wasn't able to find a way to force PHP connections to MySQL using TLSv1.2 PHP可能正在使用SSL3进行连接,并且该服务器仅支持TLSv1.2,但我找不到使用TLSv1.2强制将PHP与MySQL连接的方法
- I tried to observe the handshake using tcpdump/Wireshark, but I don't think the process even starts since there is a version mismatch. 我尝试使用tcpdump / Wireshark观察握手,但是由于版本不匹配,我认为该过程甚至不会开始。
- I confirmed using "openssl s_client -debug" that the server doesn't support SSL3 which makes me think this is an issue on my computer, but not sure. 我使用“ openssl s_client -debug”确认服务器不支持SSL3,这使我认为这是计算机上的问题,但不确定。
- The reason I say my client might be using SSL3 is because of SSL3_GET_RECORD, I don't know for sure if I'm right in that too. 我说我的客户可能使用SSL3的原因是因为SSL3_GET_RECORD,我不确定我是否也正确。
So, in short, Help! 因此,简而言之,求助!
Environment: 环境:
PHP 7.0.18 PHP 7.0.18
MySQL Server Enterprise version 5.7.18 MySQL服务器企业版5.7.18
OpenSSL 1.0.2g OpenSSL 1.0.2克
OS: Windows 7, Ubuntu 16.04. 操作系统:Windows 7,Ubuntu 16.04。 Tried on both 都尝试过
1 个解决方案
解决方案1
0 已采纳 2017-08-03 22:19:50
The problem was the driver that PHP used to connect to MySQL. 问题出在PHP用于连接MySQL的驱动程序。 By default, it is mysqlnd. 默认情况下,它是mysqlnd。 And I don't think it was being able to connect using a SHA256 or better cipher to my MySQL Server, which is an enterprise version. 而且我认为它无法使用SHA256或更好的密码连接到我的MySQL Server(企业版)。
The other option for the driver is a libmysql library which Oracle does provide as part of the MySQL Enterprise Server (.deb files). 驱动程序的另一个选项是libmysql库,Oracle确实将它作为MySQL Enterprise Server的一部分提供(.deb文件)。 I started with a clean OS(Ubuntu), and compiled PHP with the libmysql provided by Oracle, and then I was able to establish the connection successfully! 我从一个干净的OS(Ubuntu)开始,然后使用Oracle提供的libmysql编译PHP,然后我成功建立了连接!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.