mysql端需要使用TLS1.2连接,如何在PHP或PDO上分配/设置TLS版本? 我确认mysql和证书是正确的,因为我使用python3实现它。这个错误困扰了我好几天,我查了很多资料,但仍然没有解决。下面是详细信息。感谢您的阅读和帮助。
版本列表:
错误信息
2023/04/04 17:08:41 [error] 756#756: *49 FastCGI sent in stderr: "PHP message: PHP Warning: PDO::__construct(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A00042E:SSL routines::tlsv1 alert protocol version
...
PHP message: PHP Warning: PDO::__construct(): Cannot connect to MySQL by using SSL in /opt/web/libs/inc.db.php on line 52
PHP message: PHP Warning: PDO::__construct(): [2002] (trying to connect via tcp://0.0.0.0:3306) in /opt/web/libs/inc.db.php on line 52
...
PHP message: PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [2002] ' in /opt/web/libs/inc.db.php:52
Stack trace:
#0 /opt/tci/web/libs/inc.db.php(52): PDO->__construct('mysql:host=0.0....', 'usr', 'pwd', Array)
#1 /opt/web/libs/inc.db.php(59): DBAL->__construct()
#2 /opt/web/libs/inc.db.php(94): DBAL::getInstance()
#3 /opt/web/libs/libtc.php(414): DBAL::do_select('SELECT * FROM u...')
#4 /opt/web/login.php(38): check_admin_exsit()
#5 {main}
thrown in /opt/web/libs/inc.db.php on line 52" while reading response header from upstream, client: 192.168.0.1, server: _, request: "GET /rest/login.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php5.6-fpm.sock:", host: "192.168.0.1"
[PHP]PDO 代码:
private function __construct() {
$db_url = "0.0.0.0";
$db_name = "test";
$db_user = "usr";
$db_pwd = "pwd";
$db_encoding = "utf8";
$dsn="mysql:host=$db_url;dbname=$db_name;";
if( version_compare(PHP_VERSION, '5.3.6', '<') ){
if( defined('PDO::MYSQL_ATTR_INIT_COMMAND') ){
$options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES ' . $db_encoding;
}
} else {
$dsn .= ';charset=' . $db_encoding;
}
$options_ssl_arr = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_PERSISTENT => true,
PDO::MYSQL_ATTR_FOUND_ROWS => true,
PDO::MYSQL_ATTR_SSL_KEY => '/path/to/cert/abc.pem.key',
PDO::MYSQL_ATTR_SSL_CERT => '/path/to/cert/abc.pem.crt',
PDO::MYSQL_ATTR_SSL_CA => '/path/to/cert/abc.ca.pem.crt',
PDO::MYSQL_ATTR_SSL_CIPHER => 'DHE-RSA-AES256-GCM-SHA384',
];
$this->connection = new PDO($dsn, $db_user, $db_pwd, $options_ssl_arr); //failed here.
}
mysql端需要使用TLS1.2连接,如何在PHP或PDO上分配/设置TLS版本? 我确认mysql和证书是正确的,因为我使用python3实现它。这个错误困扰了我好几天,我查了很多资料,但仍然没有解决。下面是详细信息。感谢您的阅读和帮助。
我尝试了很多方法,我将以下部分附加到
/etc/ssl/openssl.cnf[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=0
我尝试更改 nginx 配置文件
/etc/nginx/nginx.cnf ##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
面临同样的问题。这是由于 php 核心中的这个错误 https://bugs.php.net/bug.php?id=74445 造成的。虽然这个问题与 mysqli 有关,但 PDO 驱动程序也受到影响。不幸的是,我还没有找到任何方法可以在不将 php 版本升级到 7.2 的情况下解决这个问题。