I see where rfc4507bis support was added in 0.9.8e, then (confusingly) again in 0.9.8n. Maybe it was removed from f or g??
Anyway, the answer to this question suggests that it may be that the server is actually in err here, which maybe OpenSSL should handle more gracefully.
Marking the PHP portion of this Triaged. I suspect that OpenSSL is actually doing the right thing here, and so suggest that it might be Invalid (though I'd like somebody more familiar with OpenSSL to make that change)
Steve, thanks for looking into this further.
I've unassigned myself from the SSL portion of this, as I am not really the best person to address the issue fully.
According to this:
http:// www.openssl. org/news/ changelog. html
I see where rfc4507bis support was added in 0.9.8e, then (confusingly) again in 0.9.8n. Maybe it was removed from f or g??
Anyway, the answer to this question suggests that it may be that the server is actually in err here, which maybe OpenSSL should handle more gracefully.
http:// stackoverflow. com/questions/ 2667514/ openssl- sessionticket- tls-extension- problem
Seems to me that there is a need then to allow disabling the SessionTicket extension to the SSL context options:
http:// us2.php. net/manual/ en/context. ssl.php
So, I've submitted this PHP bug which would allow disabling the SessionTicket extension.
http:// bugs.php. net/bug. php?id= 53447
Marking the PHP portion of this Triaged. I suspect that OpenSSL is actually doing the right thing here, and so suggest that it might be Invalid (though I'd like somebody more familiar with OpenSSL to make that change)