SSL context options
  SSL context options — SSL context option listing
  
 
 
  Description
  
   Context options for ssl:// and tls:// transports.
  
  
 
  Options
  
   
    
- peer_name string

       Peer name to be used. If this value is not set, then the name is guessed
       based on the hostname used when opening the stream.
       
- verify_peer boolean

       Require verification of SSL certificate used.

       Defaults to TRUE.
 
- verify_peer_name boolean

       Require verification of peer name.

       Defaults to TRUE.
 
- allow_self_signed boolean

       Allow self-signed certificates. Requires verify_peer.

       Defaults to FALSE.
 
- cafile string

       Location of Certificate Authority file on local filesystem
       which should be used with the verify_peer
       context option to authenticate the identity of the remote peer.
       
- capath string

       If cafile is not specified or if the certificate
       is not found there, the directory pointed to by capath
       is searched for a suitable certificate. capath
       must be a correctly hashed certificate directory.
       
- local_cert string

       Path to local certificate file on filesystem. It must be a PEM
       encoded file which contains your certificate and private key.
       It can optionally contain the certificate chain of issuers.
       The private key also may be contained in a separate file specified
       by local_pk.
       
- local_pk string

       Path to local private key file on filesystem in case of separate
       files for certificate (local_cert) and private key.
       
- passphrase string

       Passphrase with which your local_cert file
       was encoded.
       
- CN_match string

       Common Name we are expecting. PHP will perform limited wildcard
       matching. If the Common Name does not match this, the connection
       attempt will fail.

       Note: This option is deprecated, in favour of peer_name,
       as of PHP 5.6.0.
 
 
- verify_depth integer

       Abort if the certificate chain is too deep.

       Defaults to no verification.
       
- ciphers string

       Sets the list of available ciphers. The format of the string is described
       in ciphers(1).

       Defaults to DEFAULT.
       
- capture_peer_cert boolean

       If set to TRUE, a peer_certificate context option
       will be created containing the peer certificate.
 
- capture_peer_cert_chain boolean

       If set to TRUE, a peer_certificate_chain context
       option will be created containing the certificate chain.
 
- SNI_enabled boolean

       If set to TRUE, server name indication will be enabled. Enabling SNI
       allows multiple certificates on the same IP address.
 
- SNI_server_name string

       If set, then this value will be used as server name for server name
       indication. If this value is not set, then the server name is guessed
       based on the hostname used when opening the stream.

       Note: This option is deprecated, in favour of peer_name,
       as of PHP 5.6.0.
 
 
- disable_compression boolean

       If set, disable TLS compression. This can help mitigate the CRIME attack
       vector.
       
- peer_fingerprint string | array

       Aborts when the remote certificate digest doesn't match the specified
       hash.

       When a string is used, the length will determine which hashing algorithm
       is applied, either "md5" (32) or "sha1" (40).

       When an array is used, the keys indicate the hashing algorithm name
       and each corresponding value is the expected digest.
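
An added example (not from the PHP manual): a small audit function that checks an ssl context-options array for the settings listed above that weaken or bypass peer verification. The function name, the sample arrays, the CA bundle path and the digest value are constructed for illustration.

```php
<?php
// Added example: function name and sample arrays are constructed for illustration.

/** Return a list of findings for one "ssl" context-options array. */
function audit_ssl_options(array $ssl): array
{
    $findings = [];
    // Both checks default to TRUE, so only an explicit opt-out is a finding.
    foreach (['verify_peer', 'verify_peer_name'] as $opt) {
        if (array_key_exists($opt, $ssl) && !$ssl[$opt]) {
            $findings[] = "$opt is disabled";
        }
    }
    if (!empty($ssl['allow_self_signed'])) {
        $findings[] = 'allow_self_signed is enabled';
    }
    if (array_key_exists('disable_compression', $ssl) && !$ssl['disable_compression']) {
        $findings[] = 'disable_compression is off (CRIME mitigation lost)';
    }
    foreach (['CN_match', 'SNI_server_name'] as $old) {
        if (isset($ssl[$old])) {
            $findings[] = "$old is deprecated as of PHP 5.6.0; use peer_name";
        }
    }
    // A string pin is md5 (32 chars) or sha1 (40); an array names its algorithms.
    $pin = $ssl['peer_fingerprint'] ?? [];
    $algos = is_string($pin)
        ? [strlen($pin) === 32 ? 'md5' : 'sha1']
        : array_map('strtolower', array_keys($pin));
    foreach (array_intersect($algos, ['md5', 'sha1']) as $algo) {
        $findings[] = "peer_fingerprint pins with $algo; use the array form with sha256";
    }
    return $findings;
}

// Constructed sample: a context that opts out of verification.
$weak = ['verify_peer' => false, 'allow_self_signed' => true,
         'CN_match' => 'example.com', 'peer_fingerprint' => str_repeat('0', 40)];

// Constructed sample: verification on; CA bundle path and digest are placeholders.
$strict = ['peer_name' => 'example.com', 'verify_peer' => true,
           'verify_peer_name' => true, 'allow_self_signed' => false,
           'cafile' => '/path/to/ca-bundle.pem', 'verify_depth' => 5,
           'disable_compression' => true,
           'peer_fingerprint' => ['sha256' => str_repeat('ab', 32)]];

foreach (['weak' => $weak, 'strict' => $strict] as $label => $ssl) {
    // Audit what the context actually holds, as a stream wrapper would see it.
    $ctx = stream_context_create(['ssl' => $ssl]);
    $found = audit_ssl_options(stream_context_get_options($ctx)['ssl']);
    echo $label, ': ', $found ? implode('; ', $found) : 'no findings', PHP_EOL;
}
```

No connection is opened; the options are only validated by OpenSSL when the context is used with an ssl://, tls://, https:// or ftps:// stream.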
       
 
 
 
 
  Notes
  Note: Because ssl:// is the underlying transport for the
    https:// and ftps:// wrappers,
    any context options which apply to ssl:// also apply to
    https:// and ftps://.
   
  
  Note: For SNI (Server Name Indication) to be available, PHP must be compiled
    with OpenSSL 0.9.8j or greater. Use the
    OPENSSL_TLSEXT_SERVER_NAME constant to determine whether SNI is
    supported.