I have to write some PHP code to make a post request to an external server and got two different examples from the server owners, one using "ssl://" and the other "https://" in the URL.
Can they be used interchangeably? Where would this be documented? Thank you!
EDIT to include PHP code (not sure why I can't format the code properly, if someone can help with explaining how to incorporate the initial comment in the code block):
// make a http post request to an external server
function httpPost($host, $usepath, $postdata = "") {
$fp = fsockopen($host, 443, $errno, $errstr, 60);
if( !$fp ) {
print "$errstr ($errno)<br>
";
}
else {
fwrite( $fp, "POST $usepath HTTP/1.0
");
$strlength = strlen( $postdata );
fwrite( $fp, "Content-type: application/x-www-form-urlencoded
" );
fwrite( $fp, "Content-length: ".$strlength."
" );
fwrite( $fp, $postdata."
" );
$output = "";
while( !feof( $fp ) ) {
$output .= fgets( $fp, 1024);
}
fclose( $fp);
}
return $output;
}
ssl:// URLs are quite specific to PHP. It's the way PHP provides a way to use a direct SSL/TLS connection when using its fsocketopen function. See List of Supported Socket Transports in the manual.
ssl:// will give you an SSL/TLS connection without any application protocol on top of it: it will be up to your application to implement whichever protocol you require for the communication.
In contrast, https:// will implement the HTTP protocol over this SSL/TLS connection.
Note that the default settings for ssl:// and tls:// are rather poor in terms of security. In particular, the default value for verify_peer is false, which would make the connection vulnerable to MITM attacks.
HTTPS is HTTP protocol encrypted with SSL. A POST request is defined in the HTTP protocol, therefore you should use https:// for that.
Looking at IANA's list of URI schemes, I did not see ssl://, therefore I would suggest against using it in any situation.