Our web site comprises a hotel booking engine that connects to a SOAP web service to search and book hotel reservations. The application is built on Linux, Apache, PHP and MySQL. We use PHP 5.2.17 and OpenSSL 1.0.1e-fips 11 Feb 2013. I have attached the full output of our php.ini file for your reference.
We are currently receiving an error message from the web service indicating that we are submitting unencrypted requests approximately 30% of the time. The remaining 70% of the requests are encrypted. When the unencrypted request occurs, the initial SSL negotiation (when retrieving the WSDL from the web service to construct the SOAP request) fails with a message of "no cipher suites in common". This may point to a configuration issue on their end, for example that they are using an SSL load balancer.
The PHP SOAP request appears to fall back to HTTP and resubmit the request. This may be due to a combination of the default behavior of OpenSSL and PHP. We have a list of all of the ciphers that the web service supports.
We need a developer with deep experience in PHP, SOAP APIs, and OpenSSL to definitively diagnose the issue and modify the OpenSSL settings and/or the PHP script to not fall back to HTTP and to submit the request with a supported cipher.
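One way to make the client fail closed rather than resubmit over HTTP, as an added example that is not the poster's code. The URLs, CA bundle path and cipher string are placeholders, and it assumes the PHP build honours the `ciphers` SSL context option and SoapClient's `stream_context` option.

```php
<?php
// Added example, not the site's code. All values below are placeholders.
$wsdlUrl    = 'https://booking.example.invalid/service?wsdl'; // hypothetical WSDL URL
$endpoint   = 'https://booking.example.invalid/service';      // hypothetical endpoint
$caBundle   = '/path/to/ca-bundle.crt';                       // placeholder CA file
$cipherList = 'AES256-SHA:AES128-SHA'; // placeholder: use the provider's supported list

// Reject anything that is not https:// before it reaches SoapClient.
function require_https($url)
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'https') {
        throw new RuntimeException('Refusing non-HTTPS URL: ' . $url);
    }
    return $url;
}

function build_client($wsdlUrl, $endpoint, $caBundle, $cipherList)
{
    // Restrict the handshake to ciphers both sides support and verify the peer.
    $ctx = stream_context_create(array('ssl' => array(
        'ciphers'           => $cipherList,
        'verify_peer'       => true,
        'cafile'            => $caBundle,
        'allow_self_signed' => false,
    )));

    return new SoapClient(require_https($wsdlUrl), array(
        'stream_context' => $ctx,
        // Explicit location overrides the soap:address the WSDL advertises,
        // so a WSDL that names an http:// endpoint cannot redirect the call.
        'location'       => require_https($endpoint),
        'cache_wsdl'     => WSDL_CACHE_NONE, // avoid reusing a stale cached WSDL
        'exceptions'     => true,
    ));
}

try {
    $client = build_client($wsdlUrl, $endpoint, $caBundle, $cipherList);
    // Service calls go here, e.g. $client->__soapCall(...), with no retry on another scheme.
} catch (Exception $e) {
    // Fail closed: record the TLS/SOAP error and stop instead of resubmitting.
    error_log('SOAP over TLS failed, request not sent: ' . $e->getMessage());
}
```

Logging each handshake failure with a timestamp makes it possible to compare the failures against the provider's side, for example to see whether they line up with one node behind a load balancer.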