php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55236 Can't open a connection via TLS
Submitted: 2011-07-19 04:49 UTC Modified: 2021-06-28 13:10 UTC
Votes:22
Avg. Score:4.6 ± 0.7
Reproduced:18 of 18 (100.0%)
Same Version:10 (55.6%)
Same OS:9 (50.0%)
From: mark_lanthaler at gmx dot net Assigned: cmb (profile)
Status: Not a bug Package: OpenSSL related
PHP Version: 5.3.6 OS: Ubuntu
Private report: No CVE-ID: None
 [2011-07-19 04:49 UTC] mark_lanthaler at gmx dot net
Description:
------------
When opening a socket to smtp.live.com with TLS via 

$fp = fsockopen("tls://smtp.live.com", 587, $errno, $errstr, 3);


It's neither a problem to establish a SSL connection via PHP or to connect to smtp.live.com via openssl at the command line:

openssl s_client -starttls smtp -connect smtp.live.com:587


Test script:
---------------
$fp = fsockopen("tls://smtp.live.com", 587, $errno, $errstr, 3);
if (!$fp) {
    echo "$errstr ($errno)";
}

Expected result:
----------------
A connection being established.

Actual result:
--------------
PHP Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:func(143):reason(267) in /var/www/test.php on line 4
PHP Warning:  fsockopen(): Failed to enable crypto in /var/www/test.php on line 4
PHP Warning:  fsockopen(): unable to connect to tls://smtp.live.com:587 (Unknown error) in /var/www/test.php on line 4


Reason 267 is according to ssl.h "SSL_R_WRONG_VERSION_NUMBER". Thus I suspect that's the same issue as in bug #29296.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-16 00:08 UTC] felipe@php.net
-Summary: Ubuntu 11.04 +Summary: Can't open a connection via TLS
 [2014-02-20 22:15 UTC] rdlowrey@php.net
-Status: Open +Status: Verified
 [2016-03-03 16:15 UTC] ar dot dev at ange7 dot com
I have the same problem with PHP 5.6.17+dfsg-0+deb8u1 on debian jessie 

can't open fsockopen('tls://domain.tld', 587);

-- my script --

<?php

$fp = fsockopen("tls://devnco.fr", 587);
var_dump($fp);

?>

-- actual result --
PHP Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in Command line code on line 1
PHP Warning:  fsockopen(): Failed to enable crypto in Command line code on line 1
PHP Warning:  fsockopen(): unable to connect to tls://devnco.fr:587 (Unknown error) in Command line code on line 1
bool(false)

it's very important for me :/
 [2018-09-05 14:09 UTC] alan at inspirometer dot com
Has this been looked at? I am running 7.1 and still experiencing this.
 [2021-06-28 13:10 UTC] cmb@php.net
-Status: Verified +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-06-28 13:10 UTC] cmb@php.net
> openssl s_client -starttls smtp -connect smtp.live.com:587

If you try

    openssl s_client -connect smtp.live.com:587

instead, you basically get the same error message:

    3580:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl\record\ssl3_record.c:332:

That is because the server requires STARTTLS, i.e. you start with
an unencrypted TCP connection, and only later the SSL handshake is
supposed to happen.  The exact details of this negotiation depend
on the protocol (that is why openssl's -starttls option requires
to pass it).  Thus, with low level sockets, the behavior is
actually expected (i.e. you'd need to implement STARTTLS support
yourself).
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Aug 03 04:01:23 2021 UTC