Package: php-net-sieve
Version: 1.3.4-3
Severity: important
When php-net-sieve is used by roundcube to connecto to a
managesieve server, that has only TSL > v1 enabled (v1.2 only in this
case), then the script fails with
PHP Warning: stream_socket_enable_crypto(): SSL operation failed with
code 1. OpenSSL Error messages:
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1
alert protocol version in
/usr/share/php/Net/Sieve.php on line 1215
This is due to the behavior, that for php >= 5.6.7, the default
for STREAM_CRYPTO_METHOD_TLS_CLIENT defaults to TLSv1 only, whereas
before it defaulted to any TLS version. The bug is already fixed
in upstream and testing. The system php is 7.
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages php-net-sieve depends on:
ii php-common 1:49
ii php-net-socket 1.0.14-2
ii php-pear 1:1.10.1+submodules+notgz-9
Versions of packages php-net-sieve recommends:
ii php-auth-sasl 1.0.6-3
php-net-sieve suggests no packages.
