2

Is there any way to connect to DTLS socket in PHP? Some undocumented feature maybe, or not so popular extension? For what I've tried, there's no possibility, but I'm always hoping that I'm wrong.

mlask
  • Did you find a way to connect to DTLS in PHP? – neoteknic Jun 27 '18 at 07:57
  • @neoteknic Unfortunately not. – mlask Jun 28 '18 at 08:52
  • Maybe not possible natively, post a PHP feature request? – neoteknic Jun 28 '18 at 08:57
  • Still no update about this? – neoteknic Aug 30 '18 at 13:29
  • Did you try this package? https://github.com/amphp/socket – Mehmet SÖĞÜNMEZ Aug 24 '19 at 18:09
  • OpenSSL has support for DTLS 1.0 and DTLS 1.2. Have you tried OpenSSL? https://stackoverflow.com/questions/43529927/when-using-dtls-with-udp-sockets-on-openssl-how-do-you-properly-handle-the-conn – odan Aug 26 '19 at 20:52
  • Try this: https://stackoverflow.com/questions/22370966/connecting-to-websocket-with-php-client – Arun P Aug 28 '19 at 12:15
  • @ArunP we're looking for DTLS support in PHP, not for websockets. Completely different things. – mlask Aug 28 '19 at 12:46
  • @odan Not tried it, do you have a simple PHP example to init a DTLS connect in PHP? – neoteknic Aug 29 '19 at 09:41
  • This link https://www.php.net/manual/en/transports.inet.php could help. Did you try stream_socket_client? It could work if OpenSSL implements DTLS support. – Lety Aug 29 '19 at 14:31
  • @Lety stream_socket_client with? udp:// (no tls?) tls:// (but tls is tcp...?) – neoteknic Aug 30 '19 at 11:32
  • @neoteknic reading the PHP manual: "The ssl:// and tls:// transports (available only when openssl support is compiled into PHP) are extensions of the tcp:// transport which include SSL encryption. Since PHP 4.3.0 OpenSSL support must be statically compiled into PHP, since PHP 5.0.0 it may be compiled as a module or statically." So I guess that if OpenSSL supports DTLS, it could be that dtls://host:port works, but I can't try it. DTLS is TLS over datagram transport, here is the specification https://tools.ietf.org/html/rfc6347 while TLS normally is over TCP, the specification is rfc5246 – Lety Aug 30 '19 at 17:13

2 Answers

0

I do not believe there is a turnkey library or extension out there to do what you are asking, but that doesn't mean it is not possible.

PHP does have UDP socket support via socket_create + SOCK_DGRAM and TLS support via OpenSSL. In theory, you should be able to use both of these to provide a secure datagram to any system, but it's hard to say for sure as your question is pretty generic. Please keep in mind that non-privileged users cannot open datagram sockets on most *NIX systems. This restriction also applies to ports < 1024.

Alex Barker
  • I think you meant non-privileged users cannot open raw sockets, udp and tcp should have identical port restrictions. – lossleader Aug 30 '19 at 11:08
  • I know it but I never succeeded in doing it. I want a connection to a Philips Hue bridge entertainment API (different from the REST HTTP API), just need an example. No problem if it's root only. – neoteknic Aug 30 '19 at 11:27
  • The php wrapper only includes a few capabilities, and nothing like what is needed to use dtls, for example DTLS_client_method appears needed: https://github.com/nplab/DTLS-Examples/search?q=DTLS_client_method&unscoped_q=DTLS_client_method but isn't referenced in the php docs or source: https://github.com/php/php-src/search?q=DTLS_client_method&unscoped_q=DTLS_client_method – lossleader Aug 30 '19 at 13:11
0

It can now work with PHP + the swoole extension! This kind of code should work:

$client = new Swoole\Coroutine\Client(SWOOLE_SOCK_UDP | SWOOLE_SSL);
if (!$client->connect('192.168.0.10', 2100)) {
    exit("connect failed\n");
}
$client->send("ping");

Need to test it & fix to improve my answer

Doc: https://openswoole.com/docs/modules/swoole-dtls (thanks @mlask)

neoteknic
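A way to check the guesses made in this thread on a given PHP build, as an added example that is not part of the original posts: it reports whether a `dtls` stream transport is registered (the `dtls://host:port` idea from the comments) and whether the Swoole class and constants used in the second answer exist. Treating those constants as a sign of DTLS support is an assumption, and `dtls_routes` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

/**
 * Classify the client routes discussed on this page.
 * $transports: output of stream_get_transports()
 * $swooleUdpSsl: true when the Swoole pieces from the second answer exist
 */
function dtls_routes(array $transports, bool $swooleUdpSsl): array
{
    $transports = array_map('strtolower', $transports);

    return [
        // dtls://host:port can only work if a "dtls" transport is registered.
        'stream dtls://' => in_array('dtls', $transports, true),
        // tls:// extends tcp://, so it cannot carry datagrams.
        'stream tls:// (TCP only)' => in_array('tls', $transports, true),
        // udp:// sends datagrams with no handshake and no record protection.
        'stream udp:// (unencrypted)' => in_array('udp', $transports, true),
        // Assumption: class + constants present means the UDP|SSL client can be built.
        'swoole UDP|SSL client' => $swooleUdpSsl,
    ];
}

$swoole = class_exists('Swoole\\Coroutine\\Client')
    && defined('SWOOLE_SOCK_UDP')
    && defined('SWOOLE_SSL');

$routes = dtls_routes(stream_get_transports(), $swoole);

foreach ($routes as $name => $available) {
    printf("%-30s %s\n", $name, $available ? 'yes' : 'no');
}

// The OpenSSL library PHP was linked against, if the extension is loaded.
if (defined('OPENSSL_VERSION_TEXT')) {
    echo 'OpenSSL library: ', OPENSSL_VERSION_TEXT, "\n";
}

// Fail loudly rather than silently falling back to plain UDP.
if (!$routes['stream dtls://'] && !$routes['swoole UDP|SSL client']) {
    echo "No DTLS-capable client route found in this PHP build.\n";
    exit(1);
}
```

A non-zero exit status means only unencrypted `udp://` or TCP-bound `tls://` is available, so traffic that needs DTLS should not be sent from this build.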