Merge pull request #186 from clue-labs/tls1.3

jsor · web-flow · commit 78a259140dc3 · 2019-01-03T21:33:15.000+01:00
Improve TLS 1.3 support
diff --git a/README.md b/README.md
@@ -1372,19 +1372,6 @@ This library does not take responsibility over these context options, so it's
 up to consumers of this library to take care of setting appropriate context
 options as described above.
 
-All versions of PHP prior to 5.6.8 suffered from a buffering issue where reading
-from a streaming TLS connection could be one `data` event behind.
-This library implements a work-around to try to flush the complete incoming
-data buffers on these legacy PHP versions, which has a penalty of around 10% of
-throughput on all connections.
-With this work-around, we have not been able to reproduce this issue anymore,
-but we have seen reports of people saying this could still affect some of the
-older PHP versions (`5.5.23`, `5.6.7`, and `5.6.8`).
-Note that this only affects *some* higher-level streaming protocols, such as
-IRC over TLS, but should not affect HTTP over TLS (HTTPS).
-Further investigation of this issue is needed.
-For more insights, this issue is also covered by our test suite.
-
 PHP < 7.1.4 (and PHP < 7.0.18) suffers from a bug when writing big
 chunks of data over TLS streams at once.
 We try to work around this by limiting the write chunk size to 8192
diff --git a/composer.json b/composer.json
@@ -8,7 +8,7 @@
         "evenement/evenement": "^3.0 || ^2.0 || ^1.0",
         "react/dns": "^0.4.13",
         "react/event-loop": "^1.0 || ^0.5 || ^0.4 || ^0.3.5",
-        "react/stream": "^1.0 || ^0.7.1",
+        "react/stream": "^1.1",
         "react/promise": "^2.6.0 || ^1.2.1",
         "react/promise-timer": "^1.4.0"
     },
diff --git a/src/Connection.php b/src/Connection.php
@@ -43,15 +43,6 @@ class Connection extends EventEmitter implements ConnectionInterface
 
     public function __construct($resource, LoopInterface $loop)
     {
-        // PHP < 5.6.8 suffers from a buffer indicator bug on secure TLS connections
-        // as a work-around we always read the complete buffer until its end.
-        // The buffer size is limited due to TCP/IP buffers anyway, so this
-        // should not affect usage otherwise.
-        // See https://bugs.php.net/bug.php?id=65137
-        // https://bugs.php.net/bug.php?id=41631
-        // https://github.com/reactphp/socket-client/issues/24
-        $clearCompleteBuffer = \PHP_VERSION_ID < 50608;
-
         // PHP < 7.1.4 (and PHP < 7.0.18) suffers from a bug when writing big
         // chunks of data over TLS streams at once.
         // We try to work around this by limiting the write chunk size to 8192
@@ -62,10 +53,14 @@ public function __construct($resource, LoopInterface $loop)
         // See https://github.com/reactphp/socket/issues/105
         $limitWriteChunks = (\PHP_VERSION_ID < 70018 || (\PHP_VERSION_ID >= 70100 && \PHP_VERSION_ID < 70104));
 
+        // Construct underlying stream to always consume complete receive buffer.
+        // This avoids stale data in TLS buffers and also works around possible
+        // buffering issues in legacy PHP versions. The buffer size is limited
+        // due to TCP/IP buffers anyway, so this should not affect usage otherwise.
         $this->input = new DuplexResourceStream(
             $resource,
             $loop,
-            $clearCompleteBuffer ? -1 : null,
+            -1,
             new WritableResourceStream($resource, $loop, null, $limitWriteChunks ? 8192 : null)
         );
 
diff --git a/src/StreamEncryption.php b/src/StreamEncryption.php
@@ -25,35 +25,21 @@ public function __construct(LoopInterface $loop, $server = true)
         $this->server = $server;
 
         // support TLSv1.0+ by default and exclude legacy SSLv2/SSLv3.
-        // PHP 5.6+ supports bitmasks, legacy PHP only supports predefined
-        // constants, so apply accordingly below.
-        // Also, since PHP 5.6.7 up until before PHP 7.2.0 the main constant did
-        // only support TLSv1.0, so we explicitly apply all versions.
-        // @link http://php.net/manual/en/migration56.openssl.php#migration56.openssl.crypto-method
-        // @link https://3v4l.org/plbFn
+        // As of PHP 7.2+ the main crypto method constant includes all TLS versions.
+        // As of PHP 5.6+ the crypto method is a bitmask, so we explicitly include all TLS versions.
+        // For legacy PHP < 5.6 the crypto method is a single value only and this constant includes all TLS versions.
+        // @link https://3v4l.org/9PSST
         if ($server) {
             $this->method = \STREAM_CRYPTO_METHOD_TLS_SERVER;
 
-            if (\defined('STREAM_CRYPTO_METHOD_TLSv1_0_SERVER')) {
-                $this->method |= \STREAM_CRYPTO_METHOD_TLSv1_0_SERVER;
-            }
-            if (\defined('STREAM_CRYPTO_METHOD_TLSv1_1_SERVER')) {
-                $this->method |= \STREAM_CRYPTO_METHOD_TLSv1_1_SERVER;
-            }
-            if (\defined('STREAM_CRYPTO_METHOD_TLSv1_2_SERVER')) {
-                $this->method |= \STREAM_CRYPTO_METHOD_TLSv1_2_SERVER;
+            if (\PHP_VERSION_ID < 70200 && \PHP_VERSION_ID >= 50600) {
+                $this->method |= \STREAM_CRYPTO_METHOD_TLSv1_0_SERVER | \STREAM_CRYPTO_METHOD_TLSv1_1_SERVER | \STREAM_CRYPTO_METHOD_TLSv1_2_SERVER;
             }
         } else {
             $this->method = \STREAM_CRYPTO_METHOD_TLS_CLIENT;
 
-            if (\defined('STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT')) {
-                $this->method |= \STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
-            }
-            if (\defined('STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT')) {
-                $this->method |= \STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
-            }
-            if (\defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
-                $this->method |= \STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+            if (\PHP_VERSION_ID < 70200 && \PHP_VERSION_ID >= 50600) {
+                $this->method |= \STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | \STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | \STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
             }
         }
     }
diff --git a/tests/FunctionalSecureServerTest.php b/tests/FunctionalSecureServerTest.php
@@ -48,6 +48,103 @@ public function testClientCanConnectToServer()
         $server->close();
     }
 
+    public function testClientUsesTls13ByDefaultWhenSupportedByOpenSSL()
+    {
+        if (PHP_VERSION_ID < 70000 || !$this->supportsTls13()) {
+            $this->markTestSkipped('Test requires PHP 7+ for crypto meta data and OpenSSL 1.1.1+ for TLS 1.3');
+        }
+
+        $loop = Factory::create();
+
+        $server = new TcpServer(0, $loop);
+        $server = new SecureServer($server, $loop, array(
+            'local_cert' => __DIR__ . '/../examples/localhost.pem'
+        ));
+
+        $connector = new SecureConnector(new TcpConnector($loop), $loop, array(
+            'verify_peer' => false
+        ));
+        $promise = $connector->connect($server->getAddress());
+
+        /* @var ConnectionInterface $client */
+        $client = Block\await($promise, $loop, self::TIMEOUT);
+
+        $this->assertInstanceOf('React\Socket\Connection', $client);
+        $this->assertTrue(isset($client->stream));
+
+        $meta = stream_get_meta_data($client->stream);
+        $this->assertTrue(isset($meta['crypto']['protocol']));
+
+        if ($meta['crypto']['protocol'] === 'UNKNOWN') {
+            // TLSv1.3 protocol will only be added via https://github.com/php/php-src/pull/3700
+            // prior to merging that PR, this info is still available in the cipher version by OpenSSL
+            $this->assertTrue(isset($meta['crypto']['cipher_version']));
+            $this->assertEquals('TLSv1.3', $meta['crypto']['cipher_version']);
+        } else {
+            $this->assertEquals('TLSv1.3', $meta['crypto']['protocol']);
+        }
+    }
+
+    public function testClientUsesTls12WhenCryptoMethodIsExplicitlyConfiguredByClient()
+    {
+        if (PHP_VERSION_ID < 70000) {
+            $this->markTestSkipped('Test requires PHP 7+ for crypto meta data');
+        }
+
+        $loop = Factory::create();
+
+        $server = new TcpServer(0, $loop);
+        $server = new SecureServer($server, $loop, array(
+            'local_cert' => __DIR__ . '/../examples/localhost.pem'
+        ));
+
+        $connector = new SecureConnector(new TcpConnector($loop), $loop, array(
+            'verify_peer' => false,
+            'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
+        ));
+        $promise = $connector->connect($server->getAddress());
+
+        /* @var ConnectionInterface $client */
+        $client = Block\await($promise, $loop, self::TIMEOUT);
+
+        $this->assertInstanceOf('React\Socket\Connection', $client);
+        $this->assertTrue(isset($client->stream));
+
+        $meta = stream_get_meta_data($client->stream);
+        $this->assertTrue(isset($meta['crypto']['protocol']));
+        $this->assertEquals('TLSv1.2', $meta['crypto']['protocol']);
+    }
+
+    public function testClientUsesTls12WhenCryptoMethodIsExplicitlyConfiguredByServer()
+    {
+        if (PHP_VERSION_ID < 70000) {
+            $this->markTestSkipped('Test requires PHP 7+ for crypto meta data');
+        }
+
+        $loop = Factory::create();
+
+        $server = new TcpServer(0, $loop);
+        $server = new SecureServer($server, $loop, array(
+            'local_cert' => __DIR__ . '/../examples/localhost.pem',
+            'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
+        ));
+
+        $connector = new SecureConnector(new TcpConnector($loop), $loop, array(
+            'verify_peer' => false
+        ));
+        $promise = $connector->connect($server->getAddress());
+
+        /* @var ConnectionInterface $client */
+        $client = Block\await($promise, $loop, self::TIMEOUT);
+
+        $this->assertInstanceOf('React\Socket\Connection', $client);
+        $this->assertTrue(isset($client->stream));
+
+        $meta = stream_get_meta_data($client->stream);
+        $this->assertTrue(isset($meta['crypto']['protocol']));
+        $this->assertEquals('TLSv1.2', $meta['crypto']['protocol']);
+    }
+
     public function testServerEmitsConnectionForClientConnection()
     {
         $loop = Factory::create();
@@ -621,4 +718,21 @@ private function createPromiseForEvent(EventEmitterInterface $emitter, $event, $
             });
         });
     }
+
+    private function supportsTls13()
+    {
+        // TLS 1.3 is supported as of OpenSSL 1.1.1 (https://www.openssl.org/blog/blog/2018/09/11/release111/)
+        // The OpenSSL library version can only be obtained by parsing output from phpinfo().
+        // OPENSSL_VERSION_TEXT refers to header version which does not necessarily match actual library version
+        // see php -i | grep OpenSSL
+        // OpenSSL Library Version => OpenSSL 1.1.1  11 Sep 2018
+        ob_start();
+        phpinfo(INFO_MODULES);
+        $info = ob_get_clean();
+
+        if (preg_match('/OpenSSL Library Version => OpenSSL (\S+)/', $info, $match)) {
+            return version_compare($match[1], '1.1.1', '>=');
+        }
+        return false;
+    }
 }
