Request #76420 tls version change
Submitted: 2018-06-06 13:54 UTC
Modified: 2018-08-19 18:10 UTC
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 0 (0.0%)
From: 24dnlj6zphz at brukerfeil dot eu
Assigned: bukka
Status: Wont fix
Package: OpenSSL related
PHP Version: Next Major Version
OS: *
Private report: No
CVE-ID: None

 [2018-06-06 13:54 UTC] 24dnlj6zphz at brukerfeil dot eu
TLS versions prior to TLS 1.2 contain security issues and are deprecated.
All major cloud providers are now also disabling older versions.

The default SSL method when not specified by client code in PHP is sslv2/3.
This opens up security issues and also breaks TLS servers that no longer support old versions.

I suggest changing the default tls version to 1.2.
I have attached a patch, but I'm not 100% sure it is correct.


patch.diff (last revision 2018-06-06 13:54 UTC by 24dnlj6zphz at brukerfeil dot eu)

 [2018-06-06 14:13 UTC] 24d3dlct6vz5txut at brukerfeil dot eu
Additional note:

Connecting to a TLS 1.2-only webserver with fsockopen works using URL ssl:// but not tls://

PHP Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version in - on line 3
PHP Warning:  fsockopen(): Failed to enable crypto in - on line 3
 [2018-08-19 18:10 UTC]
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: bukka
 [2018-08-19 18:10 UTC]
There is already a min version set to TLS 1.0 (don't get confused by the sslv2/3 name - it's for all versions and the minimum is set elsewhere), which will be negotiated if only TLS 1.1 or TLS 1.2 is not available - basically it starts with TLS 1.2, then 1.1 and finally 1.0. This is a sensible default as it still allows communication with older server versions in a secure way, but you are free to set your preferred min proto version or just use the tlsv1.2 stream if you prefer.
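The last comment points to setting a minimum protocol version instead of changing the default. As an added example (not part of this report and not PHP's own code), a client that enforces a TLS 1.2 floor and reports what was actually negotiated. It assumes the `min_proto_version` context option and the `STREAM_CRYPTO_PROTO_TLSv1_2` constant of PHP 7.3+, falling back to pinning `crypto_method` on older versions; the function names `tls12_context` and `connect_tls12` are hypothetical.

```php
<?php
// Added example: enforce TLS 1.2 as the minimum for an outgoing connection.

/** Build stream context options that refuse anything below TLS 1.2. */
function tls12_context(): array
{
    $ssl = [
        'verify_peer'      => true,   // keep certificate validation on
        'verify_peer_name' => true,
    ];
    if (defined('STREAM_CRYPTO_PROTO_TLSv1_2')) {
        // PHP 7.3+: set a floor; newer protocol versions remain negotiable.
        $ssl['min_proto_version'] = STREAM_CRYPTO_PROTO_TLSv1_2;
    } else {
        // Older PHP: no floor option, so pin the client method to TLS 1.2.
        $ssl['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
    }
    return ['ssl' => $ssl];
}

/** Connect, complete the handshake, and return the negotiated parameters. */
function connect_tls12(string $host, int $port = 443, float $timeout = 10.0): array
{
    $ctx = stream_context_create(tls12_context());
    $fp  = stream_socket_client(
        "ssl://$host:$port", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx
    );
    if ($fp === false) {
        // A server limited to TLS 1.0/1.1 ends up here (handshake refused).
        throw new RuntimeException("TLS connect to $host:$port failed: $errstr ($errno)");
    }
    // The 'crypto' key is filled in for encrypted streams after the handshake.
    $crypto = stream_get_meta_data($fp)['crypto'] ?? [];
    fclose($fp);
    return [
        'protocol' => $crypto['protocol'] ?? 'unknown',
        'cipher'   => $crypto['cipher_name'] ?? 'unknown',
    ];
}

// Command-line use: php tls12_check.php <host> [port]
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    print_r(connect_tls12($argv[1], (int) ($argv[2] ?? 443)));
}
```

Logging the returned `protocol` value per endpoint shows which peers still negotiate below the intended floor before the restriction is rolled out everywhere.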