[openssl.org #2126] Bug: Can't Connect via TLS through PHP v5.3.0/OpenSSL v0.9.8l

Wed, 09 Dec 2009 11:14:07 -0800 

Hi,

I've been trying to get a PHP script to connect via TLS to an email server
but I'm getting an error. In the end I thought I'd try it natively in
OpenSSL and I get the same error. If I use the following command:

  openssl s_client -connect server.domain.com:587 -tls1

I get the following error:

  CONNECTED(00000774)
  1904:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:.\ssl\s3_pkt.c:284:

I'm using OpenSSL v0.9.8l, compiled for Windows. The PHP v5.3.0 build I have
gives me the same error, is it trying to use SSLv3 instead of TLS?

However, I found that if I entered this command into OpenSSL:

  openssl s_client -starttls smtp -connect server.domain.com:587 -tls1

It worked and returned a collection of certificate information. I get the
impression that TLS can start unencrypted and then switch it up but is this
the real source of my problem, a lack of support in PHP for this
functionality? (See this post that gave me a clue --
http://forums.devnetwork.net/viewtopic.php?f=52&t=96525#p531211)

I'm no TLS/SSL expert so apologies if my terminology is wrong, I'm simply
trying to understand why my script isn't working.

Thanks,

Pablo
Hi,

I've been trying to get a PHP script to connect via TLS to an email server but I'm getting an error. In the end I thought I'd try it natively in OpenSSL and I get the same error. If I use the following command:

  openssl s_client -connect server.domain.com:587 -tls1

I get the following error:

  CONNECTED(00000774)
  1904:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:.\ssl\s3_pkt.c:284:

I'm using OpenSSL v0.9.8l, compiled for Windows. The PHP v5.3.0 build I have gives me the same error, is it trying to use SSLv3 instead of TLS?

However, I found that if I entered this command into OpenSSL:

  openssl s_client -starttls smtp -connect server.domain.com:587 -tls1

It worked and returned a collection of certificate information. I get the impression that TLS can start unencrypted and then switch it up but is this the real source of my problem, a lack of support in PHP for this functionality? (See this post that gave me a clue -- http://forums.devnetwork.net/viewtopic.php?f=52&t=96525#p531211)

I'm no TLS/SSL expert so apologies if my terminology is wrong, I'm simply trying to understand why my script isn't working.

Thanks,

Pablo

Reply via email to