Bug #39654 fsockopen(tls://...) starts SSL instead of TLS
Submitted: 2006-11-28 01:19 UTC
Modified: 2006-11-28 09:21 UTC
From: david at blue-labs dot org
Assigned:
Status: Not a bug
Package: Sockets related
PHP Version: 5.2.0
OS: Linux
Private report: No
CVE-ID: None
 [2006-11-28 01:19 UTC] david at blue-labs dot org
Description:
------------
(this is actually php 5.1.6)

Using the tls target, fsockopen() tries to negotiate SSL instead of starting a connection and negotiating STARTTLS.



Reproduce code:
---------------
Scott PHP # cat tls-test.php
<?
$fp = fsockopen("tls://mail.blue-labs.org", 25, $errno, $errstr);
?>



Expected result:
----------------
I expect it to open a connection and negotiate STARTTLS. ssl:// should start an SSL connection; tls:// should start a TLS connection.

Actual result:
--------------
Scott PHP $ php ./tls-test.php

Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in /home/david/svn/BlueLabs/BlueList/PHP/tls-test.php on line 3

Warning: fsockopen(): Failed to enable crypto in /home/david/svn/BlueLabs/BlueList/PHP/tls-test.php on line 3

Warning: fsockopen(): unable to connect to tls://mail.blue-labs.org:25 (Unknown error) in /home/david/svn/BlueLabs/BlueList/PHP/tls-test.php on line 3

(trimmed for brevity)

NOQUEUE: connect from [69.167.98.28]
AUTH: available mech=CRAM-MD5, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
 --- 220-sunny-beach.m2000inc.com ESMTP
 --- 220
 <-- \026\003\001
 --- 500 5.5.1 Command unrecognized: "\026\003\001"
 <--
 --- 500 5.5.1 Command unrecognized: ""
 --- 421 4.4.1 sunny-beach.m2000inc.com Lost input channel from [69.167.98.28]
[69.167.98.28] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


 [2006-11-28 09:21 UTC] tony2001@php.net
These error messages mean that you're trying to speak SMTP-SSL to a service which supports only plain SMTP.
Usually SMTP over SSL uses a different port instead of 25.
Not PHP problem.
 [2010-12-14 12:56 UTC] hamdisahloul at hotmail dot com
Plain SMTP!! Not PHP problem??

Well, let me explain it to you! In case of TLS, PHP shall start a plain text connection and then upgrade it to an encrypted connection over the same port using the STARTTLS extension. Review this for more details: http://en.wikipedia.org/wiki/STARTTLS
 [2013-07-10 01:00 UTC] ross at golder dot org
The guy in the comment (hamdisahloul at hotmail dot com) is right. The 'tls://' 
URL is still completely broken from the perspective of using it to send mail via 
port 587, for example, as it appears to use SSL regardless and not TLS/STARTTLS 
as expected.

Still a reproducible bug in 5.3.10 (Ubuntu Precise).
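
An added example, not part of the report or of any comment above and not PHP project code: the tls:// transport begins the TLS handshake as soon as the TCP connection opens, so the explicit STARTTLS upgrade discussed in this thread has to be done by the client over tcp:// with stream_socket_enable_crypto(). The sketch also checks that the bytes the MTA logged as an unrecognized command are the start of a TLS handshake record. Function names, the EHLO name client.example and the port 587 default are assumptions; PHP 7.2 or later is assumed.

```php
<?php
// Added example; function names, the EHLO name and the default port are illustrative.

// True if the bytes start like a TLS handshake record (type 0x16, major version 3).
function is_tls_record(string $b): bool {
    return strlen($b) >= 3 && ord($b[0]) === 0x16 && ord($b[1]) === 0x03;
}

// Read one (possibly multi-line) SMTP reply; return [code, full text].
function smtp_read($fp): array {
    $text = '';
    do {
        $line = fgets($fp, 1024);
        if ($line === false) throw new RuntimeException('connection closed');
        $text .= $line;
    } while (isset($line[3]) && $line[3] === '-');  // "250-..." means more lines follow
    return [(int) substr($line, 0, 3), $text];
}

function smtp_cmd($fp, string $cmd, int $expect): string {
    fwrite($fp, "$cmd\r\n");
    [$code, $text] = smtp_read($fp);
    if ($code !== $expect) throw new RuntimeException("$cmd: unexpected reply: $text");
    return $text;
}

// Plaintext connect, then upgrade the same socket once the server accepts STARTTLS.
function smtp_starttls(string $host, int $port = 587) {
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => $host]]);
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10,
                               STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) throw new RuntimeException("connect failed: $errstr");
    [$code, $banner] = smtp_read($fp);
    if ($code !== 220) throw new RuntimeException("bad greeting: $banner");
    $caps = smtp_cmd($fp, 'EHLO client.example', 250);
    if (!preg_match('/^250[ -]STARTTLS\b/mi', $caps))   // do not fall back to cleartext
        throw new RuntimeException('server does not advertise STARTTLS');
    smtp_cmd($fp, 'STARTTLS', 220);
    if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true)
        throw new RuntimeException('TLS handshake failed');
    smtp_cmd($fp, 'EHLO client.example', 250);          // pre-TLS capabilities are untrusted
    return $fp;
}

// Bytes the MTA logged as an unrecognized command, copied from the log in the report.
var_dump(is_tls_record("\026\003\001"));
if (PHP_SAPI === 'cli' && isset($argv[1])) {   // network part runs only when a host is given
    $fp = smtp_starttls($argv[1], (int) ($argv[2] ?? 587));
    echo "TLS established with {$argv[1]}\n";
    fclose($fp);
}
```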
 
Last updated: Sat May 03 20:01:31 2025 UTC