Bug #29296 SSL connection failed
Submitted: 2004-07-21 13:12 UTC Modified: 2010-12-20 11:41 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: hotte at unrealforum dot de Assigned: jani (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.0.0 OS: Linux Gentoo 2.6.7
Private report: No CVE-ID: None


 [2004-07-21 13:12 UTC] hotte at unrealforum dot de
I've tried to establish an SSL connection with the php-cli to an rrp-server ( with fsockopen but receive "SSL handshake/connection failed"
A connect with openssl is successful:

openssl s_client -ssl3 -crlf -connect host:648

New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
    Protocol  : SSLv3
    Cipher    : DES-CBC3-SHA
    Session-ID: 77752169E6CCC2EE44C4A5BADFD93A074D041FA8D0E8A5285810312F2DEBD43E
    Master-Key: 58F8FE9AA2CE1D5A731D3A7207889503A79254DC3BE6D1C8DE3B94EB4E634317D7CC084CA29BBE7218F587967EA099B6
    Key-Arg   : None
    Start Time: 1090407338
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)

PHP configure:

'./configure' '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--with-apxs2=/usr/sbin/apxs2' '--with-config-file-path=/etc/php/apache2-php5' '--without-pear' '--disable-bcmath' '--without-bz2' '--disable-calendar' '--without-cpdflib' '--disable-ctype' '--without-curl' '--without-curlwrappers' '--disable-dbase' '--disable-dbx' '--disable-dio' '--disable-exif' '--with-fam' '--without-fbsql' '--without-fdftk' '--disable-filepro' '--disable-ftp' '--with-gettext' '--without-gmp' '--without-hwapi' '--without-iconv' '--without-informix' '--without-ingres' '--without-interbase' '--enable-mbstring' '--with-mcrypt' '--without-mcve' '--without-mhash' '--without-ming' '--without-mnogosearch' '--without-msql' '--without-mssql' '--with-ncurses' '--without-oci8' '--without-oracle' '--with-openssl' '--without-ovrimos' '--without-pcre-regx' '--without-pfpro' '--without-pgsql' '--disable-posix' '--with-pspell' '--without-recode' '--disable-simplexml' '--without-snmp' '--disable-soap' '--disable-sockets' '--disable-spl' '--without-sybase' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--disable-tokenizer' '--disable-wddx' '--without-xsl' '--with-xmlrpc' '--disable-yp' '--with-zlib' '--without-cdb' '--with-db4' '--without-dbm' '--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm' '--with-gd' '--enable-gd-jis-conf' '--enable-gd-native-ttf' '--with-ldap' '--without-ldap-sasl' '--with-mysql' '--disable-session' '--without-sqlite' '--enable-dba' '--with-readline' '--without-libedit'

SSL connections to other Mail/Webserver works fine.

Reproduce code:
$fd = fsockopen("ssl://host", 648);
$fd = fsockopen("tls://host", 648);

Expected result:
A successful connection

Actual result:
Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:func(143):reason(267) in test.php on line 3

Warning: fsockopen(): Failed to enable crypto in test.php on line 3

Warning: fsockopen(): unable to connect to tls://host:648 (Unknown error) in test.php on line 3


 [2004-09-10 13:13 UTC]
How to diagnose OpenSSL errors:

Look at the error message:
error:1408F10B:SSL routines:func(143):reason(267)

Take the reason code (267) and determine the error:
grep 267 /usr/include/openssl/ssl.h
/usr/include/openssl/ssl.h:#define SSL_R_WRONG_VERSION_NUMBER                    267


Read the first hit:

    Many of SSL clients sends the first CLIENT HELLO with
    ssl2 format (0x80.....) because they don't know what
    version the server supports.
    In this first message, the client sends the version
    he wants to use (3 for SSL3), then the other exchanged
    messages are in the appropriate format SSL3 for V3,
    SSL2 for V2 etc....

    So in your server method configuration you must put:
      SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method())
    to correctly analyse the first client_hello message
    instead of 
      SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method())
    which I suppose you did.

Conclusion: the rrp-server uses SSLv3_server_method and therefore needs to be fixed to use SSLv23 instead.
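
The lookup described in the comment above, as an added example that is not part of the original comment or of PHP/OpenSSL: it splits the packed code 1408F10B into library, function and reason numbers and resolves the reason against a header. It assumes the error-code layout OpenSSL used before 3.0; the function names and the sample header are constructed for the illustration.

```sh
#!/bin/sh
# Added example: decode a pre-3.0 OpenSSL error string such as the one in this report.

# Split the 8-hex-digit packed code into its three fields.
# Assumed layout (OpenSSL before 3.0): lib = bits 24-31, func = bits 12-23, reason = bits 0-11.
decode_openssl_error() {
    hex=$(printf '%s\n' "$1" | sed -n 's/.*error:\([0-9A-Fa-f]\{8\}\):.*/\1/p' | head -n 1)
    [ -n "$hex" ] || { echo "no OpenSSL error code found" >&2; return 1; }
    code=$((0x$hex))
    printf 'lib=%d func=%d reason=%d\n' \
        $(( (code >> 24) & 0xff )) $(( (code >> 12) & 0xfff )) $(( code & 0xfff ))
}

# Resolve a reason number to its SSL_R_* name in a header file.
# Anchoring on the whole define line skips the false hits of a bare "grep 267":
# SSL_F_* function codes and larger numbers that merely contain the digits.
reason_name() {   # usage: reason_name <number> <header>
    awk -v n="$1" '
        /^#[ \t]*define[ \t]+SSL_R_[A-Z0-9_]+[ \t]+[0-9]+[ \t]*$/ && $NF == n {
            print $(NF - 1); found = 1; exit
        }
        END { exit !found }' "$2"
}

# Decode the message, then attach the reason name (or "unknown" if the header lacks it).
explain_openssl_error() {   # usage: explain_openssl_error <message> <header>
    fields=$(decode_openssl_error "$1") || return 1
    name=$(reason_name "${fields##*reason=}" "$2") || name=unknown
    printf '%s name=%s\n' "$fields" "$name"
}

# Constructed header excerpt; only the WRONG_VERSION_NUMBER line is taken from the report.
write_sample_header() {
    cat > "$1" <<'EOF'
#define SSL_F_CONSTRUCTED_FUNCTION               267
# define SSL_R_CONSTRUCTED_OTHER                 1267
#define SSL_R_WRONG_VERSION_NUMBER                    267
EOF
}

hdr=$(mktemp) && write_sample_header "$hdr"
explain_openssl_error 'error:1408F10B:SSL routines:func(143):reason(267) in test.php on line 3' "$hdr"
rm -f "$hdr"
```

To use it against an installed OpenSSL, pass the real header path as the second argument, for example the /usr/include/openssl/ssl.h named in the comment.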

 [2004-09-10 13:44 UTC]
On reflection, it might be a tad difficult to force rrp server to change, so I've added sslv2:// and sslv3:// transports to CVS; grab the next snapshot (5.0 or HEAD) and use fsockopen("sslv3://...") instead.
 [2010-12-20 11:41 UTC]
-Package: Tidy
+Package: OpenSSL related
-Assigned To:
+Assigned To: jani
Last updated: Fri Apr 23 17:01:24 2021 UTC