32

OS: Ubuntu 12.04 64-bit

PHP version: 5.4.6-2~precise+1

When I test an https page I am writing through the built-in webserver (php5 -S localhost:8000), Firefox (16.0.1) says "Problem loading: The connection was interrupted", while the terminal tells me "::1:37026 Invalid request (Unsupported SSL request)".

phpinfo() tells me:

  • Registered Stream Socket Transports: tcp, udp, unix, udg, ssl, sslv3, tls
  • [curl] SSL: Yes
  • SSL Version: OpenSSL/1.0.1

  • openssl:

    OpenSSL support: enabled

    OpenSSL Library Version OpenSSL 1.0.1 14 Mar 2012

    OpenSSL Header Version OpenSSL 1.0.1 14 Mar 2012

Yes, http pages work just fine.

Any ideas?

Improve this question
2
  • 1
    Should probably go on ServerFault. Commented Oct 18, 2012 at 3:10
  • Not exactly what you want, but you can try ngrok stackoverflow.com/a/23243958/632951 Commented Mar 15, 2015 at 18:40

4 Answers 4

Reset to default
53

See the manual section on the built-in webserver shim:
http://php.net/manual/en/features.commandline.webserver.php

It doesn't support SSL encryption. It's for plain HTTP requests. The openssl extension and function support is unrelated. It does not accept requests or send responses over the stream wrappers.

If you want SSL to run over it, try a stunnel wrapper:

php -S localhost:8000 &   
stunnel3 -d 443 -r 8080

It's just for toying anyway.

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

Where does one find the version of stunnel that takes these options? According to the documentation on stunnel.org, the application available there doesn't take the "-d" or "-r" options.
Use stunnel3. It seems stunnel4 runs primarily as daemon / via iptables and requires a config file instead.
@Pacerier It's still the easiest option to set up. For testing mitmproxy might be a nice alternative. And for long-lived setups Tinyproxy or just plain Apache+mod_proxy for forwarding HTTPs to PHPs http server even.
Re the code above (php -S localhost:8000 &; stunnel3 -d 443 -r 8080) The stunnel3 command appears to redirect port 443 https request to port 8080, and the php command appears to serve requests to port 8000. Should the stunnel3 command redirect to port 8000 instead?
I had to: openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem && sudo mv stunnel.pem /etc/stunnel && sudo stunnel3 -p /etc/stunnel/stunnel.pem -d 443 -r 8000
|
13

It's been three years since the last update; here's how I got it working in 2021 on macOS (as an extension to mario's answer):

# Install stunnel
brew install stunnel

# Find the configuration directory
cd /usr/local/etc/stunnel

# Copy the sample conf file to actual conf file
cp stunnel.conf-sample stunnel.conf

# Edit conf
vim stunnel.conf

Modify stunnel.conf so it looks like this: (all other options can be deleted)

; **************************************************************************
; * Global options                                                         *
; **************************************************************************

; Debugging stuff (may be useful for troubleshooting)
; Enable foreground = yes to make stunnel work with Homebrew services
foreground = yes
debug = info
output = /usr/local/var/log/stunnel.log

; **************************************************************************
; * Service definitions (remove all services for inetd mode)               *
; **************************************************************************

; ***************************************** Example TLS server mode services

; TLS front-end to a web server
[https]
accept = 443
connect = 8000
cert = /usr/local/etc/stunnel/stunnel.pem
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0

This accepts HTTPS / SSL at port 443 and connects to a local webserver running at port 8000, using stunnel's default bogus cert at /usr/local/etc/stunnel/stunnel.pem. Log level is info and log outputs are written to /usr/local/var/log/stunnel.log.

Start stunnel:

brew services start stunnel # Different for Linux

Start the webserver:

php -S localhost:8000

Now you can visit https://localhost:443 to visit your webserver: screenshot

There should be a cert error and you'll have to click through a browser warning but that gets you to the point where you can hit your localhost with HTTPS requests, for development.

Improve this answer

1 Comment

Lifesaver of an answer, thank you. Small addition: For m1 / Apple Silicon Macs the stunnel config file seems to be located under /opt/homebrew/etc/stunnel.
3

Use Ngrok

  1. Expose your server's port like so: ngrok http <server port>

  2. Browse with the ngrok's secure public address (the one with https).

Note: Though it works like a charm, it seems an overkill since it requires internet and would appreciate better recommendations.

Improve this answer

1 Comment

To me it's a nice idea that does the trick, upvoted
2

I've been learning nginx and Laravel recently, and this error has came up many times. It's hard to diagnose because you need to align nginx with Laravel and also the SSL settings in your operating system at the same time (assuming you are making a self-signed cert).

If you are on Windows, it is even more difficult because you have to fight unix carriage returns when dealing with SSL certs. Sometimes you can go through the steps correctly, but you get ruined by cert validation issues. I find the trick is to make the certs in Ubuntu or Mac and email them to yourself, or use the linux subsystem.

In my case, I kept running into an issue where I declare HTTPS somewhere but php artisan serve only works on HTTP.

I just caused this Invalid request (Unsupported SSL request) error again after SSL was hooked up fine. It turned out to be that I was using Axios to make a POST request to https://. Changing it to POST http:// fixed it.

My recommendation to anyone would be to take a look at where and how HTTP/HTTPS is being used.

The textbook definition is probably something like php artisan serve only works over HTTP but requires underlying SSL layer.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.