How to detect if ssl is enabled by entering url?

Question

I am developing a system that can check if a remote server has or not SSL enabled
My input is a simple URL, Example http://www.stackoverflow.com

How can i do that ?

Answer 1

$sslEnabled = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') ? TRUE : FALSE;

EDIT 1
use curl: change http by https
send HEAD Request to this url
read the http response : if 200 then ssl is enabled

EDIT 2

input : http://www.stackoverflow.com

naive approach : $url = str_replace ("http", "https", $input);
preapring curl : with HTTP

$ch = curl_init ($url);

curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_VERBOSE,        0);
curl_setopt ($ch, CURLOPT_HEADER,         1);     // i want to read header response from server

curl_setopt ($ch, CURLOPT_CUSTOMREQUEST, 'HEAD'); // my request is HEAD 
curl_setopt ($ch, CURLOPT_NOBODY, true);          // i don't need to get body response : it is better for me and for the remote server

curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);  // to follow the location when http response is 301

curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 10);    // if ssl is not enabled, my connection can take a lot of time so i will wait only for 10 seconds otherwise SSL is not enabled : you can enhance this value 

curl_exec ( $ch ) ;

$header = curl_getinfo($ch, CURLINFO_HEADER_OUT);
var_dump ($header_size);

the result is : (i got 2 http response, you should take the last one)

* About to connect() to proxy XXX.YYY.ZZZ.AAA port N (#0)
*   Trying XXX.YYY.ZZZ.AAA... * connected
* Connected to XXX.YYY.ZZZ.AAA (XXX.YYY.ZZZ.AAA) port N (#0)
* ******************************************
> HEAD http://www.stackoverflow.com HTTP/1.1
* ******************************************
Host: www.stackoverflow.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive

< HTTP/1.0 301 Moved Permanently
< Content-Length: 148
< Content-Type: text/html; charset=UTF-8
< Location: http://stackoverflow.com/
< Date: Wed, 13 May 2015 11:01:07 GMT
* ******************************************
* ******************************************
* ******************************************
* ******************************************
< Proxy-Connection: keep-alive
* Connection #0 to host XXX.YYY.ZZZ.AAA left intact
* Issue another request to this URL: 'http://stackoverflow.com/'
* Examining connection #0 for reuse
* Re-using existing connection! (#0) with host XXX.YYY.ZZZ.AAA
* Connected to XXX.YYY.ZZZ.AAA (XXX.YYY.ZZZ.AAA) port N (#0)
* ******************************************
> HEAD http://stackoverflow.com/ HTTP/1.1
* ******************************************
Host: stackoverflow.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive

< HTTP/1.0 200 OK
< Cache-Control: public, no-cache="Set-Cookie", max-age=52
< Content-Length: 238748
< Content-Type: text/html; charset=utf-8
< Expires: Wed, 13 May 2015 11:02:01 GMT
< Last-Modified: Wed, 13 May 2015 11:01:01 GMT
< Vary: *
< X-Frame-Options: SAMEORIGIN
* ******************************************
< Set-Cookie: prov=bb4ad145-d7ed-4d40-8e02-43976c589c10; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
< Date: Wed, 13 May 2015 11:01:08 GMT
* ******************************************
* ******************************************
* ******************************************
* ******************************************
< Proxy-Connection: keep-alive
* Connection #0 to host XXX.YYY.ZZZ.AAA left intact
* Closing connection #0

header response : with HTTPS (stackoverflow has not SLL on port 443)

* About to connect() to www.stackoverflow.com port 443 (#0)
*   Trying 198.252.206.16... * Timeout
* connect() timed out!
* Closing connection #0

NOTE : you have to enable php_curl.dll in your php.ini file and restart your server

Answer 2

There are multiple ways to do this. The first one is the easiest, just try to retrieve the data (e.g. using file_get_contents()) from the specified URL with the HTTPS protocol. You get a timeout? That most likely means SSL/TLS is not supported.

Another one is to open a socket to port 443. Get a timeout? Again, that most likely means secure connections are not supported.

Another approach, which gives you more information, is to shell invoke something like OpenSSL (openssl s_client -connect example.com:443). But that's a lot more work, not always allowed, much more failure prone and you need to parse the result yourself.

An untested (no server available currently) and most likely not completely working (I haven't written a line of PHP in a few years) example for the first solution:

<?php
error_reporting(E_ALL);

$hasSsl = false;
if ($_SERVER["REQUEST_METHOD"] == "post")
{
    // I hate error suppressing, but it's just a quick 'n dirty example!
    $data = @file_get_contents($_POST["url"]); 

    $hasSsl = (strlen($data) != 0);
}
// Do something with $hasSsl
?>
<!doctype HTML>

<body>
    <form method="post">
        <p>
            <input type="uri" name="url">
            <input type="submit">
        </p>
    </form>
</body>

Answer 3

1. Using CURL invoke given url

2. Get all header from curl

3. read header info returned by Curl response

   For curl library and its curl function, Go through http://php.net/manual/en/book.curl.php

Answer 4

https://stackoverflow.com/a/21848415/524743

use the extension loaded check!

http://php.net/manual/en/function.extension-loaded.php

 if(!extension_loaded('openssl')) {
        throw new Exception('This app needs the Open SSL PHP extension.');
    }

Or that one https://stackoverflow.com/a/7304205/524743

if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
    // SSL connection
}