The problem is only concerning IMAP with StartTLS (port 143) and not direct SSL on IMAPS (port 993).
So IMAP with StartTLS can't use further than TLS1.0, and IMAP on SSL can use TLS1.2.

be happy when it works at all and use some proxy in localhost which handles the encryption over wire

https://bugzilla.redhat.com/show_bug.cgi?id=1609777

here after upgrade to Fedora 28 the extension without even touchd it is enough that a graceful reload leads in an endless loop of httpd crashes

sadly there is no useable replacement for my usecase testing mail servers for example if imap/pop3 deliver the same content since we had troubles of that sort in production and so tests exists with php-imap

I ran into the same issue when trying to setup NextCloud v14 with “External user support” (user_external) IMAP authentication and trying to chase it down lead me down the rabbit hole.

Two PHP alternatives to php-imap/uw-imap:
Rough "user space" implementation of uw-imap - https://www.drupal.org/files/issues/mailhandler.user_imap.patch
Horde IMAP Client library - https://wiki.horde.org/Project/HordeImapLib


History time... Here we go!


Mark Crispin the inventor of the IMAP protocol and creator of imap (imap-uw/uw-imap/lic-client/c-client) left UW (University of Washington) in 2008.
https://en.wikipedia.org/wiki/Mark_Crispin
https://www.washington.edu/imap/
https://en.wikipedia.org/wiki/UW_IMAP

After he left UW he created a fork called Panda IMAP. Development stopped in 2012 when Mark Crispin passed away.
https://web.archive.org/web/20120716204450/http://panda.com/imap/changes.html

The latest version of the source (from 2012) was made available by Jonathan Abbey is available at https://github.com/jonabbey/panda-imap

According to this PR comment in a Panda IMAP fork by nkhorman https://github.com/nkhorman/panda-imap/issues/1#issuecomment-294192075 jonabbey also passed away so Panda IMAP is also left without a maintainer.

There are a ton of different patches and forks by different distros/people/projects. To put it bluntly it is a complete mess and I believe it would benefit all if the efforts were consolidated.

Forks & patches:
https://repo.or.cz/alpine.git/history/HEAD:/imap
https://svnweb.freebsd.org/ports/head/mail/panda-imap/
https://svnweb.freebsd.org/ports/head/mail/panda-cclient/
https://svnweb.freebsd.org/ports/head/mail/imap-uw/files/
https://reviews.freebsd.org/D4108
https://github.com/openembedded/meta-openembedded/tree/master/meta-oe/recipes-devtools/uw-imap
https://github.com/slimlv/panda-imap/commits/master
https://github.com/nkhorman/panda-imap/commits/master
https://github.com/sequenced/panda-imap/commits/master
https://www.sequencedsystems.com/
https://sources.debian.org/patches/uw-imap/8:2007f~dfsg-5/
https://github.com/openwrt/packages/tree/master/libs/uw-imap/patches
https://gitweb.gentoo.org/repo/gentoo.git/tree/net-libs/c-client/files
https://src.fedoraproject.org/rpms/uw-imap/tree/master
http://mailman13.u.washington.edu/pipermail/imap-uw/


Some of the GitHub forks have TLSv1.2 and the Alpine fork (includes c-client) by Eduardo Chappa has TLSv1.3 support.


An alternative to "fixing" Panda IMAP would be to rewrite php-imap based upon another lib e.g. https://github.com/KDE/kimap2, https://github.com/MailCore/mailcore2 or https://github.com/dovecot/imaptest/tree/master/src

well, on Fedora 28 a simple "apachectl graceful" with mod_php leads in a endless segfault loop of httpd-forkers if php-imap is just loaded - a terrible mess and no real replacemeanct supporting IMAP *and* POP3 with the same API :-(

ext-imap is unmaintained: https://wiki.php.net/todo/extensions

c-client 2007f is the latest and as the link says it does seem some repositories are still maintaining it (EPEL) but whether they have TLS 1.2 support I don't know.

More tempted to just replace ext-imap with https://dev.horde.org/imap_client/

This is a libc-client issue, and as such not a PHP bug.  See,
however, bug #78156 which clarifies the /tls and /ssl options.