diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/openssl.c php-7.1.33/ext/openssl/openssl.c
--- php-7.1.33.org/ext/openssl/openssl.c 2019-10-22 18:59:46.000000000 +0200
+++ php-7.1.33/ext/openssl/openssl.c 2022-01-20 15:55:08.279929919 +0100
@@ -1471,7 +1471,9 @@ PHP_MINIT_FUNCTION(openssl)
 REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
+#ifdef RSA_SSLV23_PADDING
 REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
+#endif
 REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/xp_ssl.c php-7.1.33/ext/openssl/xp_ssl.c
--- php-7.1.33.org/ext/openssl/xp_ssl.c 2019-10-22 18:59:46.000000000 +0200
+++ php-7.1.33/ext/openssl/xp_ssl.c 2022-01-20 15:55:08.283263252 +0100
@@ -2571,7 +2571,7 @@ php_stream *php_openssl_ssl_socket_facto
 if (strncmp(proto, "ssl", protolen) == 0) {
 sslsock->enable_on_connect = 1;
- sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_ANY_CLIENT);
+ sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
 } else if (strncmp(proto, "sslv2", protolen) == 0) {
 php_error_docref(NULL, E_WARNING, "SSLv2 unavailable in this PHP version");
 php_stream_close(stream);
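Review bot: The new `#ifdef RSA_SSLV23_PADDING` guard in PHP_MINIT_FUNCTION(openssl) has no comment, so a reader cannot tell that `OPENSSL_SSLV23_PADDING` has become a build-dependent constant. I would add `/* RSA_SSLV23_PADDING is absent from some OpenSSL headers; the PHP constant is then not registered */` above the guard. Presumably the target is OpenSSL 3.0, which dropped the SSLv23 padding mode. Scripts that name the constant will then hit an undefined constant instead of silently getting a different padding, which is the safer outcome but deserves a release note. The function body continues outside the hunk.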
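Review bot: The default passed to `get_crypto_method()` for `ssl://` (and for `tls://` in the @@ -2587 hunk) still admits TLS 1.0 and TLS 1.1, because the enum in php_stream_transport.h defines `STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT` as `(1 << 3) | (1 << 4) | (1 << 5) | 1`. Dropping the SSLv2/SSLv3 bits from the `ssl://` default is an improvement. The second argument looks like a fallback only, though, so a `crypto_method` stream context option can presumably still select a weaker protocol; this should be confirmed against `get_crypto_method()`, which is outside the hunk. I would add a comment on both branches such as `/* default only: negotiates TLSv1.0-1.2; callers needing a floor must set crypto_method in the stream context */`. The body of php_openssl_ssl_socket_factory starts and ends outside both hunks.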
@@ -2587,7 +2587,7 @@ php_stream *php_openssl_ssl_socket_facto
 #endif
 } else if (strncmp(proto, "tls", protolen) == 0) {
 sslsock->enable_on_connect = 1;
- sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
 } else if (strncmp(proto, "tlsv1.0", protolen) == 0) {
 sslsock->enable_on_connect = 1;
 sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
diff -urNp -x '*.orig' php-7.1.33.org/main/streams/php_stream_transport.h php-7.1.33/main/streams/php_stream_transport.h
--- php-7.1.33.org/main/streams/php_stream_transport.h 2019-10-22 19:00:03.000000000 +0200
+++ php-7.1.33/main/streams/php_stream_transport.h 2022-01-20 15:55:08.283263252 +0100
@@ -172,8 +172,8 @@ typedef enum {
 STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1),
 STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1),
 STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1),
- /* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */
- STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 | 1),
+ /* TLS equates to TLS_ANY as of PHP 7.2 */
+ STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
 STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
 STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1),
 STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
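Review bot: `STREAM_CRYPTO_METHOD_TLS_CLIENT` now repeats the literal mask of `STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT` on the line below it, and the @@ -183 hunk does the same for `STREAM_CRYPTO_METHOD_TLS_SERVER`, so each pair can drift apart if a protocol bit is later added to one and not the other. Building the value from the enumerators declared just above keeps them tied: `STREAM_CRYPTO_METHOD_TLS_CLIENT = (STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT),`. The comment `/* TLS equates to TLS_ANY as of PHP 7.2 */` is also misleading in a tree the diff header names php-7.1.33; `/* backport of the PHP 7.2 meaning: TLS equates to TLS_ANY */` would be accurate. If this header is installed for extension builds, as it appears to be, extensions compiled against the old value keep `(1 << 3 | 1)` until they are rebuilt. The enum starts outside the hunk.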
@@ -183,8 +183,8 @@ typedef enum {
 STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
 STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
 STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
- /* tls equates only to the specific TLSv1 method for BC with pre-5.6 */
- STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3),
+ /* TLS equates to TLS_ANY as of PHP 7.2 */
+ STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
 STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
 STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
 } php_stream_xport_crypt_method_t;
--- php-7.2.34/ext/openssl/xp_ssl.c.orig 2020-09-30 07:15:53.000000000 +0200
+++ php-7.2.34/ext/openssl/xp_ssl.c 2022-03-29 15:28:35.726548949 +0200
@@ -1014,6 +1014,10 @@ static int php_openssl_get_crypto_method
 {
 int ssl_ctx_options = SSL_OP_ALL;
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
+
 #ifdef SSL_OP_NO_SSLv2
 ssl_ctx_options |= SSL_OP_NO_SSLv2;
 #endif
@@ -1261,6 +1265,10 @@ static int php_openssl_set_server_specif
 zval *zv;
 long ssl_ctx_options = SSL_CTX_get_options(ctx);
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
+
 #if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100
 if (set_server_ecdh_curve(stream, ctx) == FAILURE) {
 return FAILURE;
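Review bot: `SSL_OP_IGNORE_UNEXPECTED_EOF` is switched on unconditionally in the @@ -1014 hunk, and again in the @@ -1261 hunk for server contexts, which makes a connection closed without close_notify indistinguishable from a clean end of stream. That is safe only when the protocol above TLS carries its own length or terminator and the caller checks it; otherwise a close-delimited body can be cut short by an on-path party that ends the TCP connection early, with no error reaching PHP code. At minimum both sites need a comment recording the trade-off, for example `/* OpenSSL 3: keep pre-3.0 EOF handling; truncation must be detected by the application protocol */`, and I would prefer the flag to be opt-in through a stream context option. In the server hunk the flag only lands in the local `ssl_ctx_options`; whether it takes effect depends on a later `SSL_CTX_set_options()` call that is not visible here. Both function bodies continue past the hunks.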