|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76928 Unable to connect via TLS 1.2
Submitted: 2018-09-24 18:04 UTC Modified: 2020-10-16 14:08 UTC
Avg. Score:4.7 ± 0.7
Reproduced:6 of 6 (100.0%)
Same Version:4 (66.7%)
Same OS:6 (100.0%)
From: post at rolandgruber dot de Assigned: cmb (profile)
Status: Not a bug Package: IMAP related
PHP Version: 7.2.10 OS: Linux
Private report: No CVE-ID: None
 [2018-09-24 18:04 UTC] post at rolandgruber dot de
It seems that the PHP IMAP module depends on some old library (libc-client2007e) that does not support TLS v1.2. On imap_open() an error "TLS/SSL failure for <my_imap_server>: SSL negotiation failed" is reported.

Please support recent TLS versions. This is also a security issue.

User report:

The IMAP server is running cyrus 2.5.
I had to modify the parameter tls_versions in /etc/imapd.conf from
tls_versions: tls1_2 to
tls_versions: tls1_0 tls1_1 tls1_2
to make the imapAccess work, which is less secure now.

Expected result:
IMAP connections with TLS v1.2 are working.

Actual result:
TLS/SSL failure for <my_imap_server>: SSL negotiation failed


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-09-25 21:09 UTC] aurelien dot grimal at tech-tips dot fr
The problem is only concerning IMAP with StartTLS (port 143) and not direct SSL on IMAPS (port 993).
So IMAP with StartTLS can't use further than TLS1.0, and IMAP on SSL can use TLS1.2.
 [2018-09-25 22:02 UTC] spam2 at rhsoft dot net
be happy when it works at all and use some proxy in localhost which handles the encryption over wire

here after upgrade to Fedora 28 the extension without even touchd it is enough that a graceful reload leads in an endless loop of httpd crashes

sadly there is no useable replacement for my usecase testing mail servers for example if imap/pop3 deliver the same content since we had troubles of that sort in production and so tests exists with php-imap
 [2018-11-06 00:37 UTC] tbk at jjtc dot eu
I ran into the same issue when trying to setup NextCloud v14 with “External user support” (user_external) IMAP authentication and trying to chase it down lead me down the rabbit hole.

Two PHP alternatives to php-imap/uw-imap:
Rough "user space" implementation of uw-imap -
Horde IMAP Client library -

History time... Here we go!

Mark Crispin the inventor of the IMAP protocol and creator of imap (imap-uw/uw-imap/lic-client/c-client) left UW (University of Washington) in 2008.

After he left UW he created a fork called Panda IMAP. Development stopped in 2012 when Mark Crispin passed away.

The latest version of the source (from 2012) was made available by Jonathan Abbey is available at

According to this PR comment in a Panda IMAP fork by nkhorman jonabbey also passed away so Panda IMAP is also left without a maintainer.

There are a ton of different patches and forks by different distros/people/projects. To put it bluntly it is a complete mess and I believe it would benefit all if the efforts were consolidated.

Forks & patches:

Some of the GitHub forks have TLSv1.2 and the Alpine fork (includes c-client) by Eduardo Chappa has TLSv1.3 support.

An alternative to "fixing" Panda IMAP would be to rewrite php-imap based upon another lib e.g., or
 [2018-11-06 02:26 UTC] spam2 at rhsoft dot net
well, on Fedora 28 a simple "apachectl graceful" with mod_php leads in a endless segfault loop of httpd-forkers if php-imap is just loaded - a terrible mess and no real replacemeanct supporting IMAP *and* POP3 with the same API :-(
 [2019-05-08 22:05 UTC] kieran at miami-nice dot co dot uk
ext-imap is unmaintained:

c-client 2007f is the latest and as the link says it does seem some repositories are still maintaining it (EPEL) but whether they have TLS 1.2 support I don't know.

More tempted to just replace ext-imap with
 [2020-10-16 14:08 UTC]
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2020-10-16 14:08 UTC]
This is a libc-client issue, and as such not a PHP bug.  See,
however, bug #78156 which clarifies the /tls and /ssl options.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jul 15 18:01:29 2024 UTC