SecureBlackbox 2020 PHP Edition

Questions / Feedback?

TLSClient Class

Properties   Methods   Events   Configuration Settings   Errors  

The TLSClient class provides client-side functionality of the TLS protocol.

Class Name

SecureBlackbox_TLSClient

Procedural Interface

 secureblackbox_tlsclient_open();
 secureblackbox_tlsclient_close($res);
 secureblackbox_tlsclient_register_callback($res, $id, $function);
 secureblackbox_tlsclient_get_last_error($res);
 secureblackbox_tlsclient_get_last_error_code($res);
 secureblackbox_tlsclient_set($res, $id, $index, $value);
 secureblackbox_tlsclient_get($res, $id, $index);
 secureblackbox_tlsclient_do_config($res, $configurationstring);
 secureblackbox_tlsclient_do_connect($res, $address, $port);
 secureblackbox_tlsclient_do_disconnect($res);
 secureblackbox_tlsclient_do_receivealldata($res, $size);
 secureblackbox_tlsclient_do_receivedata($res, $size);
 secureblackbox_tlsclient_do_senddata($res, $buffer);
 secureblackbox_tlsclient_do_sendkeepalive($res);
 secureblackbox_tlsclient_do_sendtext($res, $text);

Remarks

Use this component to set up secure connections from your application.

TLSClient offers comprehensive support for all versions of the TLS protocol, including the most popular TLS 1.2 and the newest TLS 1.3. Among other features this component can offer are:

  • Certificate-based and PSK authentication types are supported, making this component the ideal fit for all sorts of Internet environments.
  • Support for efficient reconnections using TLS session resume approach.
  • Comprehensive support for all existing cipher suites.
  • DH and Elliptic Curve key exchange algorithms.
  • Support for SNI, Extended Master Secret, Cookie, and other protocol extensions included as standard.
  • Support for secure renegotiation.
  • Resistant to all known TLS attacks (heartbleed, POODLE, BEAST, and others).

With TLS mode switched off, this component turns to an efficient TCP socket client.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

BlockedCertCountThe number of records in the BlockedCert arrays.
BlockedCertBytesReturns raw certificate data in DER format.
BlockedCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
ClientCertCountThe number of records in the ClientCert arrays.
ClientCertBytesReturns raw certificate data in DER format.
ClientCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
ConnectedIndicates whether the connection is active.
ConnInfoAEADCipherIndicates whether the encryption algorithm used is an AEAD cipher.
ConnInfoChainValidationDetailsThe details of a certificate chain validation outcome.
ConnInfoChainValidationResultThe outcome of a certificate chain validation routine.
ConnInfoCiphersuiteThe cipher suite employed by this connection.
ConnInfoClientAuthenticatedSpecifies whether client authentication was performed during this connection.
ConnInfoClientAuthRequestedSpecifies whether client authentication was requested during this connection.
ConnInfoConnectionEstablishedIndicates whether the connection has been established fully.
ConnInfoConnectionIDThe unique identifier assigned to this connection.
ConnInfoDigestAlgorithmThe digest algorithm used in a TLS-enabled connection.
ConnInfoEncryptionAlgorithmThe symmetric encryption algorithm used in a TLS-enabled connection.
ConnInfoExportableIndicates whether a TLS connection uses a reduced-strength exportable cipher.
ConnInfoKeyExchangeAlgorithmThe key exchange algorithm used in a TLS-enabled connection.
ConnInfoKeyExchangeKeyBitsThe length of the key exchange key of a TLS-enabled connection.
ConnInfoNamedECCurveThe elliptic curve used in this connection.
ConnInfoPFSCipherIndicates whether the chosen ciphersuite provides perfect forward secrecy (PFS).
ConnInfoPreSharedIdentityHintA hint professed by the server to help the client select the PSK identity to use.
ConnInfoPublicKeyBitsThe length of the public key.
ConnInfoResumedSessionIndicates whether a TLS-enabled connection was spawned from another TLS connection.
ConnInfoSecureConnectionIndicates whether TLS or SSL is enabled for this connection.
ConnInfoServerAuthenticatedIndicates whether server authentication was performed during a TLS-enabled connection.
ConnInfoSignatureAlgorithmThe signature algorithm used in a TLS handshake.
ConnInfoSymmetricBlockSizeThe block size of the symmetric algorithm used.
ConnInfoSymmetricKeyBitsThe key length of the symmetric algorithm used.
ConnInfoTotalBytesReceivedThe total number of bytes received over this connection.
ConnInfoTotalBytesSentThe total number of bytes sent over this connection.
ConnInfoValidationLogContains the server certificate's chain validation log.
ConnInfoVersionIndicates the version of SSL/TLS protocol negotiated during this connection.
ErrorOriginIndicates the endpoint where the error originates from.
ErrorSeverityThe severity of the error that happened.
ExternalCryptoCustomParamsCustom parameters to be passed to the signing service (uninterpreted).
ExternalCryptoDataAdditional data to be included in the async state and mirrored back by the requestor.
ExternalCryptoExternalHashCalculationSpecifies whether the message hash is to be calculated at the external endpoint.
ExternalCryptoHashAlgorithmSpecifies the request's signature hash algorithm.
ExternalCryptoKeyIDThe ID of the pre-shared key used for DC request authentication.
ExternalCryptoKeySecretThe pre-shared key used for DC request authentication.
ExternalCryptoMethodSpecifies the asynchronous signing method.
ExternalCryptoModeSpecifies the external cryptography mode.
ExternalCryptoPublicKeyAlgorithmProvide public key algorithm here if the certificate is not available on the pre-signing stage.
KnownCertCountThe number of records in the KnownCert arrays.
KnownCertBytesReturns raw certificate data in DER format.
KnownCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
KnownCRLCountThe number of records in the KnownCRL arrays.
KnownCRLBytesReturns raw CRL data in DER format.
KnownCRLHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
KnownOCSPCountThe number of records in the KnownOCSP arrays.
KnownOCSPBytesBuffer containing raw OCSP response data.
KnownOCSPHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
OutputBytesA memory buffer where the incoming data is collected.
OutputStringA string where the incoming data is collected.
ProxyAddressThe IP address of the proxy server.
ProxyAuthenticationThe authentication type used by the proxy server.
ProxyPasswordThe password to authenticate to the proxy server.
ProxyPortThe port on the proxy server to connect to.
ProxyProxyTypeThe type of the proxy server.
ProxyRequestHeadersContains HTTP request headers for WebTunnel and HTTP proxy.
ProxyResponseBodyContains the HTTP or HTTPS (WebTunnel) proxy response body.
ProxyResponseHeadersContains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
ProxyUseIPv6Specifies whether IPv6 should be used when connecting through the proxy.
ProxyUseProxyEnables or disables proxy-driven connection.
ProxyUsernameSpecifies the username credential for proxy authentication.
ServerCertCountThe number of records in the ServerCert arrays.
ServerCertBytesReturns raw certificate data in DER format.
ServerCertCAKeyIDA unique identifier (fingerprint) of the CA certificate's private key.
ServerCertFingerprintContains the fingerprint (a hash imprint) of this certificate.
ServerCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
ServerCertIssuerThe common name of the certificate issuer (CA), typically a company name.
ServerCertIssuerRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
ServerCertKeyAlgorithmSpecifies the public key algorithm of this certificate.
ServerCertKeyBitsReturns the length of the public key.
ServerCertKeyFingerprintReturns a fingerprint of the public key contained in the certificate.
ServerCertKeyUsageIndicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
ServerCertPublicKeyBytesContains the certificate's public key in DER format.
ServerCertSelfSignedIndicates whether the certificate is self-signed (root) or signed by an external CA.
ServerCertSerialNumberReturns the certificate's serial number.
ServerCertSigAlgorithmIndicates the algorithm that was used by the CA to sign this certificate.
ServerCertSubjectThe common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
ServerCertSubjectKeyIDContains a unique identifier (fingerprint) of the certificate's private key.
ServerCertSubjectRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
ServerCertValidFromThe time point at which the certificate becomes valid, in UTC.
ServerCertValidToThe time point at which the certificate expires, in UTC.
SocketDNSModeSelects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.
SocketDNSPortSpecifies the port number to be used for sending queries to the DNS server.
SocketDNSQueryTimeoutThe timeout (in milliseconds) for each DNS query.
SocketDNSServersThe addresses of DNS servers to use for address resolution, separated by commas or semicolons.
SocketDNSTotalTimeoutThe timeout (in milliseconds) for the whole resolution process.
SocketIncomingSpeedLimitThe maximum number of bytes to read from the socket, per second.
SocketLocalAddressThe local network interface to bind the socket to.
SocketLocalPortThe local port number to bind the socket to.
SocketOutgoingSpeedLimitThe maximum number of bytes to write to the socket, per second.
SocketTimeoutThe maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
SocketUseIPv6Enables or disables IP protocol version 6.
TLSAutoValidateCertificatesSpecifies whether server-side TLS certificates should be validated automatically using internal validation rules.
TLSBaseConfigurationSelects the base configuration for the TLS settings.
TLSCiphersuitesA list of ciphersuites separated with commas or semicolons.
TLSECCurvesDefines the elliptic curves to enable.
TLSForceResumeIfDestinationChangesWhether to force TLS session resumption when the destination address changes.
TLSPreSharedIdentityDefines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
TLSPreSharedKeyContains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
TLSPreSharedKeyCiphersuiteDefines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
TLSRenegotiationAttackPreventionModeSelects renegotiation attack prevention mechanism.
TLSRevocationCheckSpecifies the kind(s) of revocation check to perform.
TLSSSLOptionsVarious SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.
TLSTLSModeSpecifies the TLS mode to use.
TLSUseExtendedMasterSecretEnables Extended Master Secret Extension, as defined in RFC 7627.
TLSUseSessionResumptionEnables or disables TLS session resumption capability.
TLSVersionsTh SSL/TLS versions to enable by default.
TrustedCertCountThe number of records in the TrustedCert arrays.
TrustedCertBytesReturns raw certificate data in DER format.
TrustedCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

ConfigSets or retrieves a configuration setting.
ConnectEstablishes connection to a remote server.
DisconnectDisconnects from the server.
ReceiveAllDataReads data from the connection.
ReceiveDataReads data from the connection.
SendDataSends a buffer to the server.
SendKeepAliveSends a keep-alive packet.
SendTextSends a text string to the server.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

CertificateValidateFires when the server's TLS certificate has to be validated.
ErrorInformation about errors during data delivery.
ExternalSignHandles remote or external signing initiated by the SignExternal method or other source.
NotificationThis event notifies the application about an underlying control flow event.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

IgnoreSystemTrustWhether trusted Windows Certificate Stores should be treated as trusted.
TolerateMinorChainIssuesWhether to tolerate minor chain issues.
UseMicrosoftCTLEnables or disables automatic use of Microsoft online certificate trust list.
UseSystemCertificatesEnables or disables the use of the system certificates.
CheckKeyIntegrityBeforeUseEnables or disable private key integrity check before use.
CookieCachingSpecifies whether a cookie cache should be used for HTTP(S) transports.
CookiesGets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only).
DefDeriveKeyIterationsSpecifies the default key derivation algorithm iteration count.
EnableClientSideSSLFFDHEEnables or disables finite field DHE key exchange support in TLS clients.
GlobalCookiesGets or sets global cookies for all the HTTP transports.
HttpUserAgentSpecifies the user agent name to be used by all HTTP clients.
LogDestinationSpecifies the debug log destination.
LogDetailsSpecifies the debug log details to dump.
LogFileSpecifies the debug log filename.
LogFiltersSpecifies the debug log filters.
LogFlushModeSpecifies the log flush mode.
LogLevelSpecifies the debug log level.
LogMaxEventCountSpecifies the maximum number of events to cache before further action is taken.
LogRotationModeSpecifies the log rotation mode.
MaxASN1BufferLengthSpecifies the maximal allowed length for ASN.1 primitive tag data.
MaxASN1TreeDepthSpecifies the maximal depth for processed ASN.1 trees.
OCSPHashAlgorithmSpecifies the hash algorithm to be used to identify certificates in OCSP requests.
UseOwnDNSResolverSpecifies whether the client classes should use own DNS resolver.
UseSharedSystemStoragesSpecifies whether the validation engine should use a global per-process copy of the system certificate stores.
UseSystemOAEPAndPSSEnforces or disables the use of system-driven RSA OAEP and PSS computations.
UseSystemRandomEnables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 PHP Edition - Version 20.0 [Build 8154]