Php Outdated Tls11 Enabled
Description
Detects PHP code that enables insecure TLS 1.1 or older protocols in stream contexts and socket crypto configurations. Using outdated TLS versions exposes applications to known cryptographic vulnerabilities and man-in-the-middle attacks.
Detection Strategy
• Identifies calls to 'stream_context_create' where SSL/TLS options enable TLS 1.1 or older versions
• Detects 'stream_socket_enable_crypto' calls configured to use deprecated crypto protocols
• Checks stream context arrays and crypto configuration parameters for insecure protocol settings
• Reports vulnerability when TLS version is explicitly set to '1.1' or lower in stream options
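The detection strategy above, sketched as an added example (not Fluid Attacks' rule implementation): a small Python scanner that flags the two calls when their arguments, or a variable passed to them, carry a `STREAM_CRYPTO_METHOD_*` constant for TLS 1.1 or older. The function names, the flow-insensitive variable tracking and the sample PHP are assumptions made for illustration.

```python
import re

# PHP constants that select TLS 1.1 or older (SSLv2, SSLv3, TLS 1.0, TLS 1.1).
OUTDATED = re.compile(r"\bSTREAM_CRYPTO_METHOD_(?:SSLv2|SSLv3|TLSv1_0|TLSv1_1)_(?:CLIENT|SERVER)\b")
SINKS = re.compile(r"\b(stream_context_create|stream_socket_enable_crypto)\s*\(")
ASSIGN = re.compile(r"(\$\w+)\s*=(?![=>])([^;]*);")
# Strings are matched first so that '//' inside a URL is not taken for a comment.
TOKEN = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|(?://|#)[^\n]*""", re.S)

def strip_comments(src):
    """Blank out PHP comments, keeping newlines so line numbers stay valid."""
    def blank(m):
        return m.group() if m.group()[0] in "'\"" else re.sub(r"[^\n]", " ", m.group())
    return TOKEN.sub(blank, src)

def call_args(src, start):
    """Return the argument text of a call whose '(' ends just before start."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1] if depth == 0 else src[start:]

def find_outdated_tls(php_source):
    """Return (line, sink, evidence) per sink call using TLS <= 1.1 (flow-insensitive)."""
    src = strip_comments(php_source)
    tainted = {m.group(1) for m in ASSIGN.finditer(src) if OUTDATED.search(m.group(2))}
    findings = []
    for call in SINKS.finditer(src):
        args = call_args(src, call.end())
        evidence = OUTDATED.findall(args) + [v for v in re.findall(r"\$\w+", args) if v in tainted]
        if evidence:
            findings.append((src.count("\n", 0, call.start()) + 1, call.group(1), evidence))
    return findings

# Constructed sample input, not taken from the page.
SAMPLE = r"""<?php
$encrypt = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$context = stream_context_create(['ssl' => ['crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT]]);
$fp = stream_socket_client('tcp://example.test:443', $errno, $errstr, 5);
stream_socket_enable_crypto($fp, true, $encrypt);
$safe = stream_context_create([
    // was STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT before the upgrade
    'ssl' => ['crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT],
]);
"""

if __name__ == "__main__":
    print(find_outdated_tls(SAMPLE))
```

The scanner is regex-based, so heredocs, constants built at run time and values passed across function boundaries are outside what it can see.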
Vulnerable code example
<?php
// Insecure: Using deprecated TLSv1.1 protocol
$encrypt = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
// Vulnerable: Creating SSL context with insecure TLSv1.1
$context = stream_context_create([
    'ssl' => [
        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
        // ...
    ],
]);
Secure code example
<?php
// Secure: Using modern TLSv1.2 protocol (minimum recommended version)
$encrypt = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
// Secure: Creating SSL context with TLSv1.2 and proper cipher config
$context = stream_context_create([
    'ssl' => [
        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
        // ...
    ],
]);