Hi,
I am trying to access RouterOS and then query the API.
I use the following to test the connection

It works without SSL, and I get OK
$host = "192.168.50.20";
$port = "8728";
$checkconn = fsockopen($host, $port, $errno, $errstr, 5);
if(!$checkconn){
echo "($errno) $errstr";
} else {
echo 'ok';
}

But with SSL, it does not work
$host = "ssl://192.168.50.20";
$port = "8729";
$checkconn = fsockopen($host, $port, $errno, $errstr, 5);
if(!$checkconn){
echo "($errno) $errstr";
} else {
echo 'ok';
}

I get following errors:
Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure in /srv/test.php on line 38
Warning: fsockopen(): Failed to enable crypto in /srv/test.php on line 38
Warning: fsockopen(): unable to connect to ssl://192.168.50.20:8729 (Unknown error) in /srv/test.php on line 38

I have /ip/services/print as following:

Flags: X - disabled, I - invalid

NAME PORT ADDRESS CERTIFICATE

0 X telnet 23
1 ftp 21
2 www 80
3 ssh 22
4 X www-ssl 443 none
5 api 8728
6 winbox 8291
7 api-ssl 8729 none

Any input is appreciated.
Thanks

If you’re going to use ADH encryption (read: without certificate), then you must explicitly declare this in a stream context, and (in PHP 5.6+) also explicitly set “verify_peer” to false.


PHP is somewhat unstable with “raw” SSL sockets right now, and versions older than 5.6.8 are completely unusable. I’ve tried to abstract away such connections in my API client, but I can’t fight internal PHP bugs.