With OpenSSL 1.1.1 this no longer returns the uppercase variants of the name, i.e. `AES-256-CBC` no longer exists but `aes-256-cbc` does.
https://github.com/oerdnj/deb.sury.org/issues/990
(PHP 5 >= 5.3.0, PHP 7, PHP 8)
openssl_get_cipher_methods — Gets available cipher methods
$aliases
= false
): arrayGets a list of available cipher methods.
aliases
Set to true
if cipher aliases should be included within the
returned array.
An array of available cipher methods. Note that prior to OpenSSL 1.1.1, the cipher methods have been returned in upper case and lower case spelling; as of OpenSSL 1.1.1 only the lower case variants are returned.
Example #1 openssl_get_cipher_methods() example
Shows how the available ciphers might look, and also which aliases might be available.
<?php
$ciphers = openssl_get_cipher_methods();
$ciphers_and_aliases = openssl_get_cipher_methods(true);
$cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);
//ECB mode should be avoided
$ciphers = array_filter( $ciphers, function($n) { return stripos($n,"ecb")===FALSE; } );
//At least as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"des")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc2")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc4")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"md5")===FALSE; } );
$cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"des")===FALSE; } );
$cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"rc2")===FALSE; } );
print_r($ciphers);
print_r($cipher_aliases);
?>
The above example will output something similar to:
Array ( [0] => aes-128-cbc [1] => aes-128-cbc-hmac-sha1 [2] => aes-128-cbc-hmac-sha256 [3] => aes-128-ccm [4] => aes-128-cfb [5] => aes-128-cfb1 [6] => aes-128-cfb8 [7] => aes-128-ctr [9] => aes-128-gcm [10] => aes-128-ocb [11] => aes-128-ofb [12] => aes-128-xts [13] => aes-192-cbc [14] => aes-192-ccm [15] => aes-192-cfb [16] => aes-192-cfb1 [17] => aes-192-cfb8 [18] => aes-192-ctr [20] => aes-192-gcm [21] => aes-192-ocb [22] => aes-192-ofb [23] => aes-256-cbc [24] => aes-256-cbc-hmac-sha1 [25] => aes-256-cbc-hmac-sha256 [26] => aes-256-ccm [27] => aes-256-cfb [28] => aes-256-cfb1 [29] => aes-256-cfb8 [30] => aes-256-ctr [32] => aes-256-gcm [33] => aes-256-ocb [34] => aes-256-ofb [35] => aes-256-xts [36] => aria-128-cbc [37] => aria-128-ccm [38] => aria-128-cfb [39] => aria-128-cfb1 [40] => aria-128-cfb8 [41] => aria-128-ctr [43] => aria-128-gcm [44] => aria-128-ofb [45] => aria-192-cbc [46] => aria-192-ccm [47] => aria-192-cfb [48] => aria-192-cfb1 [49] => aria-192-cfb8 [50] => aria-192-ctr [52] => aria-192-gcm [53] => aria-192-ofb [54] => aria-256-cbc [55] => aria-256-ccm [56] => aria-256-cfb [57] => aria-256-cfb1 [58] => aria-256-cfb8 [59] => aria-256-ctr [61] => aria-256-gcm [62] => aria-256-ofb [63] => bf-cbc [64] => bf-cfb [66] => bf-ofb [67] => camellia-128-cbc [68] => camellia-128-cfb [69] => camellia-128-cfb1 [70] => camellia-128-cfb8 [71] => camellia-128-ctr [73] => camellia-128-ofb [74] => camellia-192-cbc [75] => camellia-192-cfb [76] => camellia-192-cfb1 [77] => camellia-192-cfb8 [78] => camellia-192-ctr [80] => camellia-192-ofb [81] => camellia-256-cbc [82] => camellia-256-cfb [83] => camellia-256-cfb1 [84] => camellia-256-cfb8 [85] => camellia-256-ctr [87] => camellia-256-ofb [88] => cast5-cbc [89] => cast5-cfb [91] => cast5-ofb [92] => chacha20 [93] => chacha20-poly1305 [111] => id-aes128-CCM [112] => id-aes128-GCM [113] => id-aes128-wrap [114] => id-aes128-wrap-pad [115] => id-aes192-CCM [116] => id-aes192-GCM [117] => id-aes192-wrap [118] => id-aes192-wrap-pad [119] => id-aes256-CCM [120] => id-aes256-GCM [121] => id-aes256-wrap [122] => id-aes256-wrap-pad [124] => idea-cbc [125] => idea-cfb [127] => idea-ofb [137] => seed-cbc [138] => seed-cfb [140] => seed-ofb [141] => sm4-cbc [142] => sm4-cfb [143] => sm4-ctr [145] => sm4-ofb ) Array ( [36] => aes128 [37] => aes128-wrap [38] => aes192 [39] => aes192-wrap [40] => aes256 [41] => aes256-wrap [69] => aria128 [70] => aria192 [71] => aria256 [72] => bf [77] => blowfish [99] => camellia128 [100] => camellia192 [101] => camellia256 [102] => cast [103] => cast-cbc [146] => idea [164] => seed [169] => sm4 )
With OpenSSL 1.1.1 this no longer returns the uppercase variants of the name, i.e. `AES-256-CBC` no longer exists but `aes-256-cbc` does.
https://github.com/oerdnj/deb.sury.org/issues/990
May be useful for cyphers execution speed.
<?php
const TEST_COUNT = 100000;
const SOURCE = 'Note that HTML tags are not allowed in the posts, but the note formatting is preserved.';
const KEY = "password";
function TESTER( $testing_function, $argument )
{
$t = microtime(true);
for ($test_iterator = 0; $test_iterator < TEST_COUNT; $test_iterator++) {
$testing_function( $argument );
}
return round(microtime(true) - $t, 4);
}
$crypt = function($cipher) {
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
openssl_encrypt(SOURCE, $cipher, KEY, $options=0, $iv);
};
$methods = openssl_get_cipher_methods(false);
array_splice( $methods, 0, count($methods) / 2);
$timings = array();
foreach ($methods as $cypher) {
$time = TESTER( $crypt, $cypher );
$timings[ $cypher ] = $time;
echo str_pad($cypher, 40, ' ', STR_PAD_LEFT), " have time ", str_pad($time, 8, STR_PAD_LEFT), ' seconds. ', PHP_EOL;
}
uasort($timings, function($a, $b){
return $a <=> $b;
});
$min_time = round(reset($timings) / TEST_COUNT, 7);
$min_cypher = key($timings);
$max_time = round(end($timings) / TEST_COUNT, 7);
$max_cypher = key($timings);
echo '-------------', PHP_EOL;
echo "Total tests: ", count($timings), PHP_EOL;
echo "Max timing : {$max_time} seconds for `{$max_cypher}` algorithm.", PHP_EOL;
echo "Min timing : {$min_time} seconds for `{$min_cypher}` algorithm.", PHP_EOL;
echo 'Details: ', PHP_EOL;
foreach ($timings as $m => $t) {
echo '- ', str_pad($t, 8, STR_PAD_LEFT), " seconds for `{$m}`", PHP_EOL;
}
echo PHP_EOL;