@pablo dot livardo : I think that the problem you found is caused by the difference between the client/server encryption methods used.
The 465 port is used for SMTPS, and the server starts the encryption immediately it receives your connection. So, your code will work.
The 587 port is used for Submission (MSA or Mail Submission Agent) which works like the port 25. The server accepts your connection and doesn't activate the encryption. If you want an encrypted connection on the port 587, you must connect on it without encryption, you must start to dialog with the server (with EHLO) and after that you must ask the server to start the encrypted connection using the STARTTLS command. The server starts the encryption and now you can start as well the encryption on your client.
So, in few words, you can not use :
<?php $fp = fsockopen("tls://mail.example.com", 587, $errno, $errstr); ?>
but you can use:
<?php $fp = stream_socket_client("mail.example.com:587", $errno, $errstr); ?>
and after you send the STARTTLS command, you can enable the crypto:
<?php stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT); ?>
P.S. My previous note on this page was totally wrong, so I ask the php.net admin to remove it.
:)
인터넷 도메인: TCP, UDP, SSL, TLS
PHP 4, PHP 5, PHP 6. PHP 4.3.0부터 ssl:// & tls:// PHP 5.0.2부터 sslv2:// & sslv3://
Note: 전송이 표시되지 않으면 tcp://라고 가정할것이다.
- 127.0.0.1
- fe80::1
- www.example.com
- tcp://127.0.0.1
- tcp://fe80::1
- tcp://www.example.com
- udp://www.example.com
- ssl://www.example.com
- sslv2://www.example.com
- sslv3://www.example.com
- tls://www.example.com
인터넷 도메인 소켓은 목표 주소에 더하여 포트 번호가 올것을 예상할수 있다. fsockopen()의 경우 이것은 두번째 인수에서 설정되고 따라서 전송 URL의 구성에 영향을 주지 않는다. stream_socket_client()와 이와 관련된 함수는 전통적인 URL을 갖는다. 포트 번호는 전송 URL의 끝에 콜론으로 구분되어 덧붙여진다.
- tcp://127.0.0.1:80
- tcp://[fe80::1]:80
- tcp://www.example.com:80
Note: 포트 번호를 갖는 IPv6 숫자 주소
위 예제중 두번째는, IPv4의 호스트명 예제가 콜른과 포트번호의 추가와는 별개로 남겨져있는데 반하여, IPv6 주소는 대괄호: [fe80::1]에 둘러쌓여 있다. 이것은 IPv6 주소에서 사용되는 콜론과 포트번호를 구분하기 위해 사용되는 콜론을 구별하기 위한 것이다.
ssl:// 과 tls:// 전송은 (openssl 지원이 PHP안에 컴파일되었을때만 가용) SSL 암호화를 포함하는 tcp:// 전송의 확장이다. PHP 4.3.0 이후에 OpenSSL 지원은 PHP와 정적으로 컴파일되어야 한다. PHP 5.0.0 이후부터는 모듈이건 정적이건 아무거나 컴파일 되어 사용될수 있을것이다.
ssl://은 원격 호스트의 가용성과 설정에 의존하여 SSL V2나 SSL V3 접속을 허용합니다. sslv2://와 sslv3://는 명시적으로 SSL V2나 SSL V3를 선택합니다.
add a note
User Contributed Notes 4 notes
christian at lantian dot eu ¶
10 years ago
stefan at example dot com ¶
13 years ago
Actually, PHP is very able to start with an unencrypted connection and then switch to an encrypted one - refer to http://php.net/stream_socket_enable_crypto .
christian at lantian dot eu ¶
10 years ago
@pablo dot livardo : I think that the problem you found is caused by the difference between the client/server encryption methods used.
You tried to access the port 587 using TLS encryption, but the server uses the SSLv3 encryption on this port.
You can communicate with the Google server on port 465 because on this port the communication is encrypted using TLS and your client is configured to recognize the TLS.
So, if you want to connect on the Google server over the port 587, you simply must write:
<?php
$fp = fsockopen("ssl://mail.example.com", 587, $errno, $errstr);
?>
instead of:
<?php
$fp = fsockopen("tls://mail.example.com", 587, $errno, $errstr);
?>
:)
pablo dot livardo at gmail dot com ¶
14 years ago
I've been having a problem with a TLS connection.
<?php
$fp = fsockopen("tls://mail.example.com", 587, $errno, $errstr);
?>
Which gives me an error of:
SSL operation failed with code 1. OpenSSL Error messages: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
I believe this is caused by PHP not being able to start with an unencrypted connection and then switch to encryption even though the functionality is built into OpenSSL.
For Google Mail users you can avoid this by using port 465 instead of 587.
