OpenSSL

PHP’s stream subsystem uses OpenSSL for SSL/TLS-based connections, for instance when a file is loaded from an HTTPS URL using file_get_contents().

During the TLS handshake, client and server spend several round trips negotiating connection details such as ciphers, key sizes and algorithms. An extension to the TLS protocol called ALPN (Application-Layer Protocol Negotiation) speeds up this process by adding more information to an earlier phase of the connection, effectively saving some of these round trips.

If PHP is built against OpenSSL 1.0.2 or later, this extension is now supported and the negotiated protocol information is accessible through a new section in the output provided by stream_get_meta_data().

To further control the connection process, various stream context options can be supplied, for instance through the third parameter of file_get_contents().

While the ability to specify options is not new, the available options for TLS-based connections changed quite a bit in PHP 7:

The option to specify the key size (rsa_key_size) was removed in favor of automatically setting it to the appropriate size based on the negotiated crypto algorithm.

The two options CN_match and SNI_server_name – both deprecated since PHP 5.6 – were removed. If you want to explicitly enforce the hostname, peer_name can still be used, but it is not technically required because PHP automatically verifies that the certificate matches the host.

Last but not least, the capture_session_meta SSL/TLS context option is now deprecated. As with the ALPN information, metadata concerning active crypto on a stream resource is now also accessible through stream_get_meta_data().

Starting with PHP 7.1, all support for outdated and insecure SSLv1 as well as SSLv2 connections has been dropped.
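The context options and the crypto section of stream_get_meta_data() described above can be combined into a post-connect policy check. The following is an added example, not code from the original page: the function names tlsContext() and cryptoViolations(), the allowed protocol list, the 128-bit threshold, the sample metadata and the host example.com are all assumptions made for illustration.

```php
<?php
// Added example; thresholds and sample data are assumptions, not from the page.

// Build a TLS client context. peer_name is only needed to override the name
// PHP checks by default (the host being connected to).
function tlsContext(?string $peerName = null)
{
    $ssl = [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'alpn_protocols'   => 'http/1.1', // requires OpenSSL 1.0.2 or later
    ];
    if ($peerName !== null) {
        $ssl['peer_name'] = $peerName;
    }
    return stream_context_create(['ssl' => $ssl]);
}

// Check the 'crypto' section of stream_get_meta_data() against a policy and
// return a list of violations (an empty list means acceptable).
function cryptoViolations(array $meta, array $protocols = ['TLSv1.2', 'TLSv1.3'], int $minBits = 128): array
{
    if (!isset($meta['crypto'])) {
        return ['no crypto metadata: stream is not encrypted'];
    }
    $c = $meta['crypto'];
    $found = [];
    if (!in_array($c['protocol'] ?? '', $protocols, true)) {
        $found[] = 'protocol ' . ($c['protocol'] ?? 'unknown') . ' not allowed';
    }
    if (($c['cipher_bits'] ?? 0) < $minBits) {
        $found[] = 'cipher ' . ($c['cipher_name'] ?? 'unknown') . ' below ' . $minBits . ' bits';
    }
    return $found;
}

// Constructed metadata in the shape stream_get_meta_data() returns.
$samples = [
    'modern' => ['crypto' => ['protocol' => 'TLSv1.3', 'cipher_name' => 'TLS_AES_256_GCM_SHA384',
                              'cipher_bits' => 256, 'alpn_protocol' => 'http/1.1']],
    'legacy' => ['crypto' => ['protocol' => 'TLSv1', 'cipher_name' => 'DES-CBC3-SHA', 'cipher_bits' => 112]],
    'plain'  => ['timed_out' => false],
];
foreach ($samples as $name => $meta) {
    $alpn = $meta['crypto']['alpn_protocol'] ?? 'none';
    printf("%s (ALPN: %s): %s\n", $name, $alpn, implode('; ', cryptoViolations($meta)) ?: 'ok');
}

// Live use (placeholder host):
// $fp = stream_socket_client('tls://example.com:443', $e, $s, 10, STREAM_CLIENT_CONNECT, tlsContext());
// print_r(cryptoViolations(stream_get_meta_data($fp)));
```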