Comment 13 for bug 592442

So initial testing shows that this is actually a problem with OpenSSL, or at least, it is OpenSSL refusing to connect to these servers:

(natty-amd64)root@clint-MacBookPro:/home/clint/pkg/php5/bzr/natty-php-ssl-fix# openssl s_client -host cas.ucdavis.edu -port 443
CONNECTED(00000003)
1787:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:602:
(natty-amd64)root@clint-MacBookPro:/home/clint/pkg/php5/bzr/natty-php-ssl-fix# openssl s_client -host server.db.kvk.nl -port 443
CONNECTED(00000003)
1788:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:602:

The condition to reach that error is:

    else if ((p[0] == SSL3_RT_ALERT) &&
         (p[1] == SSL3_VERSION_MAJOR) &&
         ((p[2] == SSL3_VERSION_MINOR) ||
          (p[2] == TLS1_VERSION_MINOR)) &&
         (p[3] == 0) &&
         (p[4] == 2))

So it seems if the SSL version is 3, or we're using tlsv1, the code is triggered (602 is later).

Still investigating, but I am adding an OpenSSL bug task.