# Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name in /var/www/app/src/Mailer/SmtpTransport.php:25

- **ID:** `php/stream-socket-ssl-sni`
- **Domain:** php
- **Category:** protocol_error
- **Error Code:** `14094458`
- **Verification:** ai_generated
- **Fix Rate:** 82%

## Root Cause

The SSL/TLS handshake fails because the server's hostname does not match the SNI (Server Name Indication) extension sent by PHP, often due to a missing or incorrect peer_name in the stream context.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| PHP 8.1 | active | — | — |
| PHP 8.2 | active | — | — |
| PHP 8.3 | active | — | — |
| OpenSSL 1.1.1 | active | — | — |
| OpenSSL 3.0 | active | — | — |

## Workarounds

1. **Set the 'peer_name' context option to the correct hostname: $context = stream_context_create(['ssl' => ['peer_name' => 'mail.example.com']]); $stream = stream_socket_client('tls://mail.example.com:465', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);** (90% success)
   ```
   Set the 'peer_name' context option to the correct hostname: $context = stream_context_create(['ssl' => ['peer_name' => 'mail.example.com']]); $stream = stream_socket_client('tls://mail.example.com:465', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
   ```
2. **If using PHP's built-in mail function or PHPMailer, ensure the SMTP host matches the certificate's common name. For example, use 'smtp.example.com' instead of an IP address.** (85% success)
   ```
   If using PHP's built-in mail function or PHPMailer, ensure the SMTP host matches the certificate's common name. For example, use 'smtp.example.com' instead of an IP address.
   ```
3. **Enable SNI by default in PHP 8.2+: set 'sni_enabled' to true in the stream context: stream_context_set_option($context, 'ssl', 'sni_enabled', true);** (75% success)
   ```
   Enable SNI by default in PHP 8.2+: set 'sni_enabled' to true in the stream context: stream_context_set_option($context, 'ssl', 'sni_enabled', true);
   ```

## Dead Ends

- **** — Disabling SSL verification (verify_peer=false) bypasses the error but exposes the connection to man-in-the-middle attacks; it does not fix the SNI mismatch. (90% fail)
- **** — Updating the CA certificate bundle alone does not resolve SNI issues; the peer_name must explicitly match the server's certificate CN or SAN. (70% fail)