9286105259

Committed 29 May 2024 12:29PM UTC coverage: 87.311% (-10.0%) from 97.267%

Build # 9286105259

Build Type

Pull #451

github

Committed by

azjezz

Commit Message

feat(tcp): support TLS/SSL

Signed-off-by: azjezz <azjezz@protonmail.com>

Pull Request Pull Request #451: feat(tcp): add support for TLS/SSL in TCP

Run Details

37 of 627 new or added lines in 16 files covered. (5.9%)

2 existing lines in 1 file now uncovered.

5030 of 5761 relevant lines covered (87.31%)

46.26 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/Psl/TCP/TLS/SecurityLevel.php

<?php

declare(strict_types=1);

namespace Psl\TCP\TLS;

use Psl\Default\DefaultInterface;

/**
 * Defines the security levels for TLS connections, based on OpenSSL's security levels.
 *
 * These levels control the algorithms and key lengths used during the TLS handshake and
 * secure connection. Higher levels enforce stronger security constraints, impacting
 * compatibility with certain clients and servers.
 *
 * @see https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_level.html
 */
enum SecurityLevel: int implements DefaultInterface
{
    /**
     * Level 0: Everything is permitted.
     *
     * This level retains compatibility with all versions of OpenSSL, imposing no restrictions.
     */
    case Level0 = 0;

    /**
     * Level 1: Corresponds to a minimum of 80 bits of security.
     *
     * Excludes parameters offering below 80 bits of security, prohibiting RSA, DSA, and DH keys shorter than 1024 bits,
     * ECC keys shorter than 160 bits, and any use of MD5 for the MAC. SSLv3, TLS 1.0, TLS 1.1, and DTLS 1.0 are disabled.
     */
    case Level1 = 1;

    /**
     * Level 2: Set to 112 bits of security.
     *
     * Builds on level 1 by also prohibiting RSA, DSA, and DH keys shorter than 2048 bits, ECC keys shorter than 224 bits,
     * any cipher suite using RC4, and disables compression.
     */
    case Level2 = 2;

    /**
     * Level 3: Set to 128 bits of security.
     *
     * Prohibits RSA, DSA, and DH keys shorter than 3072 bits, ECC keys shorter than 256 bits, cipher suites without forward secrecy,
     * and disables session tickets.
     */
    case Level3 = 3;

    /**
     * Level 4: Set to 192 bits of security.
     *
     * Increases requirements to RSA, DSA, and DH keys shorter than 7680 bits, ECC keys shorter than 384 bits, and disallows SHA1 for the MAC.
     */
    case Level4 = 4;

    /**
     * Level 5: The highest predefined security level, set to 256 bits of security.
     *
     * Prohibits RSA, DSA, and DH keys shorter than 15360 bits, and ECC keys shorter than 512 bits.
     */
    case Level5 = 5;

    /**
     * Returns the default security level for TLS connections, set to Level 2.
     *
     * Level 2 is chosen to balance improved security constraints against broad compatibility, reflecting modern best practices.
     *
     * @return static The default security level (Level 2).
     *
     * @pure
     */
    public static function default(): static
    {
        return static::Level2;
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	namespace Psl\TCP\TLS;
6
7	use Psl\Default\DefaultInterface;
8
9	/**
10	* Defines the security levels for TLS connections, based on OpenSSL's security levels.
11	*
12	* These levels control the algorithms and key lengths used during the TLS handshake and
13	* secure connection. Higher levels enforce stronger security constraints, impacting
14	* compatibility with certain clients and servers.
15	*
16	* @see https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_level.html
17	*/
18	enum SecurityLevel: int implements DefaultInterface
19	{
20	/**
21	* Level 0: Everything is permitted.
22	*
23	* This level retains compatibility with all versions of OpenSSL, imposing no restrictions.
24	*/
25	case Level0 = 0;
26
27	/**
28	* Level 1: Corresponds to a minimum of 80 bits of security.
29	*
30	* Excludes parameters offering below 80 bits of security, prohibiting RSA, DSA, and DH keys shorter than 1024 bits,
31	* ECC keys shorter than 160 bits, and any use of MD5 for the MAC. SSLv3, TLS 1.0, TLS 1.1, and DTLS 1.0 are disabled.
32	*/
33	case Level1 = 1;
34
35	/**
36	* Level 2: Set to 112 bits of security.
37	*
38	* Builds on level 1 by also prohibiting RSA, DSA, and DH keys shorter than 2048 bits, ECC keys shorter than 224 bits,
39	* any cipher suite using RC4, and disables compression.
40	*/
41	case Level2 = 2;
42
43	/**
44	* Level 3: Set to 128 bits of security.
45	*
46	* Prohibits RSA, DSA, and DH keys shorter than 3072 bits, ECC keys shorter than 256 bits, cipher suites without forward secrecy,
47	* and disables session tickets.
48	*/
49	case Level3 = 3;
50
51	/**
52	* Level 4: Set to 192 bits of security.
53	*
54	* Increases requirements to RSA, DSA, and DH keys shorter than 7680 bits, ECC keys shorter than 384 bits, and disallows SHA1 for the MAC.
55	*/
56	case Level4 = 4;
57
58	/**
59	* Level 5: The highest predefined security level, set to 256 bits of security.
60	*
61	* Prohibits RSA, DSA, and DH keys shorter than 15360 bits, and ECC keys shorter than 512 bits.
62	*/
63	case Level5 = 5;
64
65	/**
66	* Returns the default security level for TLS connections, set to Level 2.
67	*
68	* Level 2 is chosen to balance improved security constraints against broad compatibility, reflecting modern best practices.
69	*
70	* @return static The default security level (Level 2).
71	*
72	* @pure
73	*/
74	public static function default(): static
75	{
NEW 76	return static::Level2;	×
77	}
78	}

azjezz / psl / 9286105259

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous