Does PHP protect fopen () from typical attacks when accessing https resources?

Question

Does PHP protect fopen () from typical attacks when accessing https resources?

If I use the PHP function fopen()to retrieve data from an HTTPS website, this is what can be called a secure HTTPS connection. those. Does it provide protection against man-in-the-middle and eavesdropping attacks?

+5

security php ssl man-in-the-middle fopen

Kenneth poulsen May 24 '12 at 8:49

source share

1 answer

Cheekysoft · Answer 1 · 2012-05-24T08:59:19+0000

Not by default, no.

It will always provide some form of protection against simple eavesdropping attacks, because the data will always be encrypted (as long as the SSL server you are connecting to allows you to use at least one encrypted cipher - yes, null encryption ciphers are allowed in HTTPS: roll-eyes connections: ) However, by default it will not protect against human-in-the-middle, because it does not check server certificates, so you cannot be sure that you are connected to the intended server.

. fopen, . . .

$context = stream_context_create( array(
    'ssl' => array(
        'cafile'      => 'ca_bundle.crt',
        'verify_peer' => true
    )
));

$file = fopen( $url, 'r', false, $context );

Does PHP protect fopen () from typical attacks when accessing https resources?

More articles: