openSSL not working with PHP built-in webserver

Question

OS: Ubuntu 12.04 64-bit

PHP version: 5.4.6-2~precise+1

When I test an https page I am writing through the built-in webserver (php5 -S localhost:8000), Firefox (16.0.1) says "Problem loading: The connection was interrupted", while the terminal tells me "::1:37026 Invalid request (Unsupported SSL request)".

phpinfo() tells me:

• Registered Stream Socket Transports: tcp, udp, unix, udg, ssl, sslv3, tls
• [curl] SSL: Yes
• SSL Version: OpenSSL/1.0.1

• openssl:

  OpenSSL support: enabled

  OpenSSL Library Version OpenSSL 1.0.1 14 Mar 2012

  OpenSSL Header Version OpenSSL 1.0.1 14 Mar 2012

Yes, http pages work just fine.

Any ideas?

Answer 1

See the manual section on the built-in webserver shim:
http://php.net/manual/en/features.commandline.webserver.php

It doesn't support SSL encryption. It's for plain HTTP requests. The openssl extension and function support is unrelated. It does not accept requests or send responses over the stream wrappers.

If you want SSL to run over it, try a stunnel wrapper:

php -S localhost:8000 &    stunnel3 -d 443 -r 8080   

It's just for toying anyway.

Answer 2

It's been three years since the last update; here's how I got it working in 2021 on macOS (as an extension to mario's answer):

# Install stunnel brew install stunnel  # Find the configuration directory cd /usr/local/etc/stunnel  # Copy the sample conf file to actual conf file cp stunnel.conf-sample stunnel.conf  # Edit conf vim stunnel.conf 

Modify stunnel.conf so it looks like this: (all other options can be deleted)

; ************************************************************************** ; * Global options                                                         * ; **************************************************************************  ; Debugging stuff (may be useful for troubleshooting) ; Enable foreground = yes to make stunnel work with Homebrew services foreground = yes debug = info output = /usr/local/var/log/stunnel.log  ; ************************************************************************** ; * Service definitions (remove all services for inetd mode)               * ; **************************************************************************  ; ***************************************** Example TLS server mode services  ; TLS front-end to a web server [https] accept = 443 connect = 8000 cert = /usr/local/etc/stunnel/stunnel.pem ; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel ; Microsoft implementations do not use TLS close-notify alert and thus they ; are vulnerable to truncation attacks ;TIMEOUTclose = 0 

This accepts HTTPS / SSL at port 443 and connects to a local webserver running at port 8000, using stunnel's default bogus cert at /usr/local/etc/stunnel/stunnel.pem. Log level is info and log outputs are written to /usr/local/var/log/stunnel.log.

Start stunnel:

brew services start stunnel # Different for Linux 

Start the webserver:

php -S localhost:8000 

Now you can visit https://localhost:443 to visit your webserver: screenshot

There should be a cert error and you'll have to click through a browser warning but that gets you to the point where you can hit your localhost with HTTPS requests, for development.