Topic: EL 8.4 with php-imap doesn't support SNI with TL1.3
On EL8 (specifically: Centos or AlmaLinux), since the update to 8.4, php-imap 7.3.28 doesn't want to connect to imap.gmail.com:993. It shows the following error when connecting:
# php -d display_errors=1 -r 'imap_open("{imap.gmail.com:993/imap/ssl}INBOX", "username", "password") or die(imap_last_error());'
Certificate failure for imap.gmail.com: self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
As far as I can see, this is because of an combination of openssl 1.1.1 enabling TLS1.3 in some cases and php-imap not supporting SNI. This is most clearly described here, but is reported elsewhere as well: https://help.heroku.com/ZW1V2D46/why-ca … map-server
The page I'm referring to notest that this issue should be fixed from 7.3.8 upwards, but if I take a look at the php release notes, I can't find anything related to SNI concerning that version.
Could it be that this is a private Heroku patch, or dit I miss something in the release notes?
Is this something you (Remi) are willing to add? It seems SNI is an important function to keep working on all TLS-versions, including TLS1.3.