Bug #39654 fsockopen(tls://...) starts SSL instead of TLS
Submitted: 2006-11-28 01:19 UTC Modified: 2006-11-28 09:21 UTC
From: david at blue-labs dot org Assigned:
Status: Not a bug Package: Sockets related
PHP Version: 5.2.0 OS: Linux
Private report: No CVE-ID: None
 [2006-11-28 01:19 UTC] david at blue-labs dot org
Description:
------------
(this is actually php 5.1.6)

Using the tls target, fsockopen() tries to negotiate SSL instead of starting a connection and negotiating STARTTLS.



Reproduce code:
---------------
Scott PHP # cat tls-test.php
<?
$fp = fsockopen("tls://mail.blue-labs.org", 25, $errno, $errstr);
?>



Expected result:
----------------
I expect it to open a connection and negotiate STARTTLS. ssl:// should start an SSL connection, tls:// should start a TLS connection.

Actual result:
--------------
Scott PHP $ php ./tls-test.php

Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in /home/david/svn/BlueLabs/BlueList/PHP/tls-test.php on line 3

Warning: fsockopen(): Failed to enable crypto in /home/david/svn/BlueLabs/BlueList/PHP/tls-test.php on line 3

Warning: fsockopen(): unable to connect to tls://mail.blue-labs.org:25 (Unknown error) in /home/david/svn/BlueLabs/BlueList/PHP/tls-test.php on line 3

(trimmed for brevity)

NOQUEUE: connect from [69.167.98.28]
AUTH: available mech=CRAM-MD5, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
 --- 220-sunny-beach.m2000inc.com ESMTP
 --- 220
 <-- \026\003\001
 --- 500 5.5.1 Command unrecognized: "\026\003\001"
 <--
 --- 500 5.5.1 Command unrecognized: ""
 --- 421 4.4.1 sunny-beach.m2000inc.com Lost input channel from [69.167.98.28]
[69.167.98.28] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


 [2006-11-28 09:21 UTC] tony2001@php.net
These error messages mean that you're trying to speak SMTP-SSL to a service which supports only plain SMTP.
Usually SMTP over SSL uses a different port instead of 25.
Not PHP problem.
 [2010-12-14 12:56 UTC] hamdisahloul at hotmail dot com
Plain SMTP!! Not PHP problem??

Well, let me explain it to you! In case of TLS, PHP shall start a plain text connection and then upgrade it to an encrypted connection over the same port using the STARTTLS extension. Review this for more details: http://en.wikipedia.org/wiki/STARTTLS
 [2013-07-10 01:00 UTC] ross at golder dot org
The guy in the comment (hamdisahloul at hotmail dot com) is right. The 'tls://' URL is still completely broken from the perspective of using it to send mail via port 587, for example, as it appears to use SSL regardless and not TLS/STARTTLS as expected.

Still a reproducible bug in 5.3.10 (Ubuntu Precise).
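
Added example (not part of the original report or of PHP's code): a small log check that decodes the octal-escaped bytes in the MTA log above and tests whether the client's first input looks like a TLS record header, which is how a client that starts TLS immediately on a plaintext SMTP port shows up on the server side. The function names and the `EHLO client.example` line are constructed for illustration.

```python
import re

# First two lines are from the MTA log in the report; the third is constructed.
LOG_LINES = [
    r' <-- \026\003\001',
    r' --- 500 5.5.1 Command unrecognized: "\026\003\001"',
    r' <-- EHLO client.example',
]

# TLS record layer: byte 0 is the content type, bytes 1-2 the protocol version.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def unescape_octal(text):
    """Turn \\NNN octal escapes, as written by the MTA, back into raw bytes."""
    out = bytearray()
    pos = 0
    for m in re.finditer(r'\\([0-3][0-7]{2})', text):
        out += text[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1), 8))
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)


def tls_record_header(data):
    """Return (content_type, version) if data starts like a TLS record, else None."""
    if len(data) < 3:
        return None
    ctype = CONTENT_TYPES.get(data[0])
    version = VERSIONS.get((data[1], data[2]))
    if ctype is None or version is None:
        return None
    return ctype, version


def classify_client_input(line):
    """Classify one '<--' (client to server) log line; None for other lines."""
    m = re.match(r'\s*<-- ?(.*)$', line)
    if not m:
        return None
    payload = unescape_octal(m.group(1))
    header = tls_record_header(payload)
    if header:
        return "tls-record", header
    return "plaintext", payload.decode("latin-1")
```

For the logged bytes `\026\003\001` this returns a handshake record with record-layer version TLS 1.0, sent before any SMTP command.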
Last updated: Thu Mar 28 15:01:29 2024 UTC