
[#14190] PHP 5.6 and IMAP/SMTP connection with TLSv1.2 not working
Summary PHP 5.6 and IMAP/SMTP connection with TLSv1.2 not working
Queue Horde Framework Packages
Type Enhancement
State Resolved
Priority 1. Low
Owners jan (at) horde (dot) org
Requester john.kramer (at) neys (dot) org
Created 12/12/2015 (3547 days ago)
Due
Updated 12/14/2015 (3545 days ago)
Assigned 12/14/2015 (3545 days ago)
Resolved 12/14/2015 (3545 days ago)
Milestone Socket_Client 1.2.0
Patch No

History
12/14/2015 11:04:43 AM Jan Schneider Milestone ⇒ Socket_Client 1.2.0
 
12/14/2015 11:04:23 AM Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
 
12/14/2015 11:04:15 AM Git Commit Comment #2
Changes have been made in Git (master):

commit 3a9a8c7d10cdc78f735fbf865d74f5f7ae1c6c15
Author: Jan Schneider <jan@horde.org>
Date:   Mon Dec 14 12:03:13 2015 +0100

     [jan] Enable TLS 1.1 and 1.2 connections (Request #14190).

  .../Socket_Client/lib/Horde/Socket/Client.php      |   17 ++++++++++++-----
  framework/Socket_Client/package.xml                |   12 ++++++------
  2 files changed, 18 insertions(+), 11 deletions(-)

http://github.com/horde/horde/commit/3a9a8c7d10cdc78f735fbf865d74f5f7ae1c6c15
12/14/2015 11:02:24 AM Jan Schneider Priority ⇒ 1. Low
State ⇒ Assigned
Type ⇒ Enhancement
 
12/12/2015 04:29:50 AM john (dot) kramer (at) neys (dot) org Comment #1
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ PHP 5.6 and IMAP/SMTP connection with TLSv1.2 not working
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
With PHP 5.6, connections to IMAP or SMTP servers cannot be secured 
with TLSv1.2. Setting 'secure' => 'tls' just leads to TLSv1.0.

STREAM_CRYPTO_METHOD_TLS_CLIENT is the source of the problem. As 
https://wiki.php.net/rfc/improved-tls-defaults states under "Stream 
Wrapper Creep":
Beyond the "creep" of new stream wrappers there also exists a 
consistency problem. Do all users understand that the ssl wrapper 
technically can negotiate any of the supported protocols? Do they 
know that in contrast the tls wrapper will only negotiate TLSv1 and 
not the newer TLS iterations?
[SNIP]
[SNIP]
  Existing Constant Re-Valuing

The existing constants are internally re-valued as shown below to 
allow their use as bitwise flags. Because the existing code 
delineates between clients and servers the least significant bit is 
used to differentiate between the two stream types.
[SNIP]
STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 
1), /* Any TLS protocol */
[SNIP]

It seems there is a bug/feature? 
http://grokbase.com/t/php/php-bugs/1541c7f5jy/php-bug-bug-69345-new-tls-wrapper-disables-tls-1-1

Hard coding STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT or 
STREAM_CRYPTO_METHOD_SSLv23_CLIENT in Horde/Socket/Client.php upgrades 
the imap/smtp connections to TLSv1.2.

Since this exists as of PHP 5.5 I guess it will not change soon. Is 
there a chance to make Horde/Socket/Client.php capable of recognizing 
the PHP version or just trying newer protocols first?

Maybe something like this (https://github.com/pear/Net_SMTP/pull/22) 
can solve the problem.

More information about the problem: 
http://lists.horde.org/archives/imp/Week-of-Mon-20151207/057059.html
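
The "try newer protocols" idea from the comment above, as an added example that is not part of the ticket and not the code from the Horde commit: instead of hard-coding one version, OR the version-specific client constants into the crypto method passed to stream_socket_enable_crypto(). The function names are hypothetical; `capture_session_meta` is the PHP SSL context option that records the negotiated protocol.

```php
<?php
// Added example; function names are hypothetical, not Horde's API.

/** Crypto method that also allows the TLS versions this PHP build knows. */
function tlsClientCryptoMethod()
{
    $method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
    foreach (array('TLSv1_1', 'TLSv1_2', 'TLSv1_3') as $version) {
        $name = 'STREAM_CRYPTO_METHOD_' . $version . '_CLIENT';
        if (defined($name)) {          // skip versions this build lacks
            $method |= constant($name);
        }
    }
    return $method;
}

/** List the protocol versions a crypto-method bitmask allows. */
function describeCryptoMethod($method)
{
    $enabled = array();
    foreach (array('TLSv1_0', 'TLSv1_1', 'TLSv1_2', 'TLSv1_3') as $version) {
        $name = 'STREAM_CRYPTO_METHOD_' . $version . '_CLIENT';
        // Mask out the lowest bit, which only marks the stream as a client.
        if (defined($name) && ($method & constant($name) & ~1)) {
            $enabled[] = $version;
        }
    }
    return $enabled;
}

/** Upgrade a connected plaintext stream (e.g. after STARTTLS) and report the protocol. */
function startTls($stream)
{
    // Ask PHP to record the negotiated session details in the stream context.
    stream_context_set_option($stream, 'ssl', 'capture_session_meta', true);
    if (stream_socket_enable_crypto($stream, true, tlsClientCryptoMethod()) !== true) {
        return false;
    }
    $options = stream_context_get_options($stream);
    return $options['ssl']['session_meta']['protocol'];
}

// Offline check: compare what each bitmask allows on this PHP build.
echo 'TLS_CLIENT alone:   ',
    implode(', ', describeCryptoMethod(STREAM_CRYPTO_METHOD_TLS_CLIENT)), "\n";
echo 'Versions ORed in:   ',
    implode(', ', describeCryptoMethod(tlsClientCryptoMethod())), "\n";
```

Running the script on the affected PHP build shows whether STREAM_CRYPTO_METHOD_TLS_CLIENT by itself covers anything beyond TLSv1_0; startTls() can then confirm what a real server actually negotiated.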
