PHP Soap Client Attempting to use a WSDL service but the service is saying HTTPS Required

Question

I'm attempting to connect to a web service with PHP's soap client but it's response is telling me that https is required.

$context = stream_context_create([
    'ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true,
        'cafile'=>'my ca file'
    ]
]);


$options = array("local_cert"=>"my local cert","soap_version"=>SOAP_1_2,"ssl_method"=>SOAP_SSL_METHOD_SSLv2,"trace"=>true,"exceptions"=>true,"stream_context"=>$context);

$client = new SoapClient("https://the web service im using",$options);


$params = array(
  "username" => "my username",
  "password" => "my password",
  "accountID"=>"",
);


$result = $client->__soapCall("",$params);
echo json_encode($result);

I've tried every parameter I could find to pass through to the soapclient and ssl still isn't working.

Answer 1

This option is probably causing you problems:

... "ssl_method"=>SOAP_SSL_METHOD_SSLv2 ...

As noted on the manual page for the SoapClient constructor:

Specifying SOAP_SSL_METHOD_SSLv2 or SOAP_SSL_METHOD_SSLv3 will force use of SSL 2 or SSL 3, respectively. ... Note that SSL versions 2 and 3 are considered insecure, and may not be supported by the installed OpenSSL library.

For context, RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0 is dated March 2011. It is extremely unlikely that any server still operating on the public internet supports this protocol.

As also noted in the PHP manual:

This option [ssl_method] is DEPRECATED as of PHP 8.1.0.

In almost all cases, simply leaving off this parameter is the right thing to do, and PHP will negotiate the correct version of TLS (the successor to SSL) automatically.