PHP SSL context options
SSL context options in PHP allow you to configure secure connections when using ssl:// and tls:// transports. These options control certificate verification, encryption settings, and connection security for secure network communications.
SSL Context Options
The following table lists all available SSL context options and their purposes:

| Option | Description |
|---|---|
| peer_name | Peer name to be used. If this value is not set, then the name is guessed based on the hostname used when opening the stream. |
| verify_peer | Require verification of SSL certificate used. Defaults to TRUE. |
| verify_peer_name | Require verification of peer name. Defaults to TRUE. |
| allow_self_signed | Allow self-signed certificates. Requires verify_peer. Defaults to FALSE. |
| cafile | Location of Certificate Authority file on local filesystem to be used to authenticate identity of remote peer. |
| capath | Must be a correctly hashed certificate directory. |
| local_cert | Path to local certificate file on filesystem. |
| local_pk | Path to local private key file on filesystem in case of separate files for certificate and private key. |
| passphrase | Passphrase with which your local_cert file was encoded. |
| CN_match | Common Name we are expecting. If the Common Name does not match, connection attempt will fail. |
| verify_depth | Abort if the certificate chain is too deep. |
| ciphers | Sets the list of available ciphers. The format of the string is described in ciphers(1). |
| capture_peer_cert | If set to TRUE a peer_certificate context option will be created containing the peer certificate. |
| capture_peer_cert_chain | If set to TRUE a peer_certificate_chain context option will be created containing the certificate chain. |
| SNI_enabled | If set to TRUE server name indication will be enabled. |
| SNI_server_name | If set, this value will be used as server name for server name indication. Otherwise server name is guessed based on the hostname used |
| disable_compression | If set, disable TLS compression. |
| peer_fingerprint | Aborts when the remote certificate digest doesn't match the specified hash. |
| security_level | Sets the security level. If not specified, default security level is used. Available as of PHP 7.2.0 and OpenSSL 1.1.0. |
Example
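This example demonstrates how to create a stream context with SSL options:

```php
<?php
$stream_context = stream_context_create([
    'ssl' => [
        'local_cert'        => '/path/to/key.pem',
        // Pin the certificate the server is expected to present
        // (openssl_x509_fingerprint() uses SHA-1 unless told otherwise).
        'peer_fingerprint'  => openssl_x509_fingerprint(file_get_contents('/path/to/key.crt')),
        // CA and host name verification are switched off, so the
        // fingerprint pin above is the only check on the peer's identity.
        'verify_peer'       => false,
        'verify_peer_name'  => false,
        'allow_self_signed' => true,
        'verify_depth'      => 0
    ]
]);

// Use the context with a secure connection
$socket = stream_socket_client('tls://example.com:443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $stream_context);
if ($socket === false) {
    // The connection, the TLS handshake or the fingerprint check failed
    die("Connection failed: $errstr ($errno)");
}
?>
```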
Note: This example requires SSL certificates and network access. The paths should point to actual certificate files on your system.
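The options in the example above turn off CA and peer name verification and rely on the fingerprint pin alone. The following added example (not part of the original page) checks an `ssl` options array for such settings and compares the page's options with a hardened counterpart; the function name `audit_ssl_options`, the paths, the host and the digest are assumptions made for illustration.

```php
<?php
// Added example, not from the original page. Paths, host and digest are placeholders.

/** Return warnings for 'ssl' context options that weaken peer authentication. */
function audit_ssl_options(array $ssl): array
{
    $warnings = [];
    $pin = $ssl['peer_fingerprint'] ?? null;

    // verify_peer and verify_peer_name default to TRUE; only a falsy value weakens them.
    if (!($ssl['verify_peer'] ?? true)) {
        $warnings[] = $pin
            ? 'verify_peer off: the peer_fingerprint pin is the only identity check'
            : 'verify_peer off: the certificate chain is not validated';
    }
    if (!($ssl['verify_peer_name'] ?? true) && !$pin) {
        $warnings[] = 'verify_peer_name off: a certificate for another host is accepted';
    }
    if (($ssl['allow_self_signed'] ?? false) && !$pin) {
        $warnings[] = 'allow_self_signed on without a pinned fingerprint';
    }
    // A string pin is matched as MD5 (32 hex chars) or SHA-1 (40); an array names the digest.
    if (is_string($pin)) {
        $warnings[] = "peer_fingerprint is an MD5/SHA-1 string; prefer ['sha256' => ...]";
    }
    return $warnings;
}

// Options as in the page's example, with a constructed 40-character digest.
$pageExample = [
    'peer_fingerprint'  => str_repeat('ab', 20),
    'verify_peer'       => false,
    'verify_peer_name'  => false,
    'allow_self_signed' => true,
    'verify_depth'      => 0,
];
// Hardened counterpart: CA and name verification on, TLS compression off.
$hardened = [
    'verify_peer'         => true,
    'verify_peer_name'    => true,
    'allow_self_signed'   => false,
    'cafile'              => '/path/to/ca-bundle.pem',
    'peer_name'           => 'example.com',
    'disable_compression' => true,
];
foreach (['page example' => $pageExample, 'hardened' => $hardened] as $label => $ssl) {
    $found = audit_ssl_options($ssl);
    echo $label, ': ', $found ? implode('; ', $found) : 'no weak settings', PHP_EOL;
}
```

The hardened array can be passed to `stream_context_create(['ssl' => $hardened])` once `cafile` points at a real CA bundle.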
Common Use Cases
SSL context options are typically used for:
- Client certificates − When connecting to servers requiring client authentication
- Custom CA validation − For self-signed or corporate certificates
- Security hardening − Disabling weak ciphers or compression
- Development testing − Allowing self-signed certificates in test environments
Conclusion
SSL context options provide fine-grained control over secure connections in PHP. Use verify_peer and verify_peer_name for security, and allow_self_signed only in development environments.
