Description: ------------ Trying to connect to a secure site that only implemented TLS, and kept getting errors. Had to hack your code to make the URI protocol tls:// instead of ssl:// This should probably be a configurable feature, and should probably default to TLS, in this post-POODLE era.

Please provide the site's address so that I can test this.

Like I said, any site not running SSL. Which is a lot more lately, and will continue to be more and more. Hopefully within a year or two there will be very few SSL sites left. $req = new HTTP_Request2("https://sni.velox.ch"); try { $resp = $req->send(); } catch (HTTP_Request2_Exception $e) { echo $e->getMessage(); } Unable to connect to ssl://sni.velox.ch:443. Error: stream_socket_client(): unable to connect to ssl://sni.velox.ch:443 (Unknown error) stream_socket_client(): Failed to enable crypto stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Sorry, was in too much of a hurry, that's a certificate error. Here is the proper test code: <?php require_once("HTTP/Request2.php"); $req = new HTTP_Request2("https://pie.primus.ca/"); $req->setConfig(["ssl_verify_peer"=>false]); try { $resp = $req->send(); } catch (HTTP_Request2_Exception $e) { echo $e->getMessage(); } echo $resp->getHeader("Content-Length"); ?> Output looks like this: Unable to connect to ssl://pie.primus.ca:443. Error: stream_socket_client(): unable to connect to ssl://pie.primus.ca:443 (Unknown error) stream_socket_client(): Failed to enable crypto After changing Adapter/Socket.php to use tls:// instead of ssl:// it looks like this: 8261

Cannot reproduce the problem, suspect it is something related to a particular version of OpenSSL on OS X. If I test with PHP 5.5 on Windows, connecting to https://www.howsmyssl.com/ gives me TLS 1.0 if I change the connection string to 'tls://' and TLS 1.2 if I leave it as is. Go figure. That being said, HTTP_Request2_SocketWrapper::enableCrypto() falls back to insecure SSL protocol versions and 'ssl' options when connecting should be updated to contain 'ciphers' key with secure ciphers setup.

Forgot to add: connection to https://pie.primus.ca/ works with either 'ssl://' or 'tls://'

Tested trunk on OS X 10.11.2 (El Capitan). PHP 5.5.30 (cli) (built: Oct 23 2015 17:21:45) OpenSSL Library Version => OpenSSL 0.9.8zg 14 July 2015 The test script runs without error with no change to code. At time of test, pie.primus.ca supported TLS 1.2, TLS 1.1 and TLS 1.0. It did not support SSL 2 or SSL 3: https://www.ssllabs.com/ssltest/analyze.html?d=pie.primus.ca

Tested trunk on OS X 10.11.2 (El Capitan). PHP 5.5.30 (cli) (built: Oct 23 2015 17:21:45) OpenSSL Library Version => OpenSSL 0.9.8zg 14 July 2015 Requesting https://www.howsmyssl.com/a/check with HTTP_Request2 uses TLS 1.0 regardless of specifying 'tls://' or 'ssl://' in the socket adapter. If I explicitly use the curl adapter, TLS 1.2 is used.

Fixed in Git. I changed the connection string to 'tls://' from 'ssl://' since this will prevent fallback to insecure SSL versions and as there is no reliable way to set required TLS version in PHP below 5.6 (see my comment from 2015-06-20 for an unreliable way).