Introducing TLS 1.3 for ReactPHP

Christian Lück

Today, we're very happy to announce the immediate availability of the next v1.2.0 feature release of reactphp/socket, the async, streaming plaintext TCP/IP and secure TLS socket server and client for ReactPHP. 🎉

As the main feature of this release, this library now has improved support for secure TLS 1.3 connections, both server-side and client-side. TLS 1.3 is an official standard as of August 2018. The protocol has major improvements in the areas of security, performance, and privacy. It is an exciting protocol update that we can expect to benefit from for years to come. Not only will encrypted connections (such as HTTPS) become faster, but they will also be more secure. If you want to learn more about TLS 1.3, see also Cloudflare's excellent introduction.

As an example, using ReactPHP on a recent system, the following code will create a secure TLS 1.3 client side connection by default:

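// Load Composer's autoloader (path assumes the script sits next to vendor/)
require __DIR__ . '/vendor/autoload.php';

$loop = React\EventLoop\Factory::create();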
$connector = new React\Socket\Connector($loop);

$uri = 'tls://gmail.com:443';
$connector->connect($uri)->then(function (React\Socket\ConnectionInterface $connection) {
    $connection->on('data', function ($data) {
        echo $data;
    });
    $connection->on('close', function () {
        echo '[CLOSED]' . PHP_EOL;
    });

    $connection->write("GET / HTTP/1.0\r\nHost: gmail.com\r\n\r\n");
}, 'printf');

$loop->run();

Significant work has been put into making sure TLS 1.3 is compatible with existing implementations in the wild, even including broken TLS 1.2 implementations. Likewise, we (the ReactPHP team) have put significant effort into making sure TLS 1.3 works out of the box in the ReactPHP ecosystem by default. We are closely monitoring PHP's development, and at the moment this means we work around PHP's current lack of explicit support for TLS 1.3. Despite having a working solution, we will continue monitoring and supporting this upstream development to provide a longer-term solution for the whole ecosystem.

Note that TLS 1.3 is only supported by default as of OpenSSL 1.1.1. For example, this version ships with Ubuntu 18.10 (and newer) by default, meaning that recent installations support TLS 1.3 out of the box.

If you're using an older version of OpenSSL, then this component and the above example will continue to use TLS 1.2 by default. Likewise, if the remote server side has not been updated to support TLS 1.3, this example will automatically fall back to TLS 1.2 by default. In other news, now is a good time to upgrade to the latest versions.
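To see whether a given connection actually got TLS 1.3 or fell back to TLS 1.2 as described above, the following added example (not part of the original post or of reactphp/socket) checks the local OpenSSL version and the negotiated protocol. The helper names, the PHP 7.1+ syntax, the Composer autoload path and the use of the connection's internal `stream` property are assumptions.

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // assumption: react/socket installed via Composer

// TLS 1.3 needs OpenSSL 1.1.1+ (release value 0x1010100f). Assumption: PHP is
// linked against OpenSSL; LibreSSL reports an unrelated version number.
function localTls13Available(int $versionNumber): bool
{
    return $versionNumber >= 0x1010100f;
}

// Extract the negotiated protocol from stream_get_meta_data() output.
// PHP builds without explicit TLS 1.3 support can report "UNKNOWN"; a
// TLS 1.3 cipher suite then identifies the version. Null means no TLS.
function negotiatedProtocol(array $meta): ?string
{
    $crypto = $meta['crypto'] ?? [];
    $protocol = $crypto['protocol'] ?? null;
    if ($protocol === 'UNKNOWN' && ($crypto['cipher_version'] ?? '') === 'TLSv1.3') {
        return 'TLSv1.3';
    }
    return $protocol;
}

// True when $protocol is at least $minimum; unknown values never pass.
function meetsMinimum(?string $protocol, string $minimum): bool
{
    $rank = ['TLSv1' => 0, 'TLSv1.1' => 1, 'TLSv1.2' => 2, 'TLSv1.3' => 3];
    return $protocol !== null && isset($rank[$protocol], $rank[$minimum])
        && $rank[$protocol] >= $rank[$minimum];
}

echo 'Local TLS 1.3 support: ', localTls13Available(OPENSSL_VERSION_NUMBER) ? 'yes' : 'no', PHP_EOL;
$loop = React\EventLoop\Factory::create();
$connector = new React\Socket\Connector($loop);

$connector->connect('tls://gmail.com:443')->then(function (React\Socket\ConnectionInterface $connection) {
    // Assumption: the stream resource is reachable as the public "stream"
    // property, which react/socket marks as internal.
    $stream = $connection->stream ?? null;
    $protocol = is_resource($stream) ? negotiatedProtocol(stream_get_meta_data($stream)) : null;
    echo 'Negotiated: ', $protocol ?? 'unknown', PHP_EOL;
    if (!meetsMinimum($protocol, 'TLSv1.3')) {
        echo 'Below TLS 1.3 (fallback happened), closing without sending data', PHP_EOL;
    }
    $connection->close();
}, function (Throwable $e) {
    echo 'Error: ', $e->getMessage(), PHP_EOL;
});
$loop->run();
```

Changing the second argument of `meetsMinimum()` to `'TLSv1.2'` accepts the fallback while still rejecting anything older.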

Thanks to ReactPHP's component-based design, we only have to update this one component and can support TLS 1.3 for any existing higher-level implementation with ease, whether it's a common HTTP(S) client implementation or some obscure binary protocol. Now, first make sure to update your libraries, head over to reactphp/socket and let's celebrate this release 🎉

If you have any feedback or just want to reach out and say hello, I'm happy to hear back and appreciate feedback! Use the comment section below or send a tweet to @another_clue.
