C Driver / CDRIVER-4635

Speculative authentication state is incorrectly kept

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 1.23.4
    • Affects Version/s: 1.23.3
    • Component/s: None
    • None

      The topology scanner does not correctly reset authentication status when using speculative authentication. This affects single-threaded mode only, where authentication is done on the monitoring connection, which is also used for data. When resetting auth state, the previous result of a speculative authentication is not cleared. On subsequent handshakes, the previous authentication result is re-used. For SCRAM authentication, the conversation will be continued and will fail due to an outdated result. For X.509 however, the stale result means that the client will incorrectly assume the connection to be authenticated, while the server rejects any commands due to missing authentication.

      The fix should be backported to 1.23 to allow the PHP team to fix this in the current stable release.

            Assignee: Andreas Braun (andreas.braun@mongodb.com)
            Reporter: Andreas Braun (andreas.braun@mongodb.com)
            Votes: 0
            Watchers: 3
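
The stale-state pattern described in this issue, reduced to a small model for the X.509 case. This is an added example, not libmongoc code and not the fix that was committed: node_t, reset_auth_buggy, reset_auth_fixed, handshake_x509 and the reply string are hypothetical names and constructed values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a single-threaded scanner node. These names are
 * illustrative and are not libmongoc's real structures or functions. */
typedef struct {
   bool has_auth;       /* client-side belief that the stream is authenticated */
   char spec_reply[64]; /* speculative auth result of the last handshake; "" = none */
} node_t;

/* Buggy reset: drops the flag but keeps the previous speculative result. */
static void reset_auth_buggy (node_t *n) { n->has_auth = false; }

/* Fixed reset: also clears the cached speculative result. */
static void reset_auth_fixed (node_t *n)
{
   n->has_auth = false;
   memset (n->spec_reply, 0, sizeof n->spec_reply);
}

/* Handshake on a new stream. reply is the server's speculative auth result,
 * or NULL when the server returned none. For X.509 a stored result is taken
 * as proof that authentication already completed. */
static void handshake_x509 (node_t *n, const char *reply)
{
   if (reply) {
      snprintf (n->spec_reply, sizeof n->spec_reply, "%s", reply);
   }
   if (n->spec_reply[0] != '\0') {
      n->has_auth = true;
   }
}

/* Client's belief after a reconnect on which the server did NOT authenticate
 * the stream. A return value of true means the client is wrong. */
bool believes_authed_after_reconnect (bool use_fixed_reset)
{
   node_t n = {0};
   handshake_x509 (&n, "{done: true}"); /* constructed reply, first connect */
   if (use_fixed_reset) reset_auth_fixed (&n); else reset_auth_buggy (&n);
   handshake_x509 (&n, NULL);           /* reconnect, no speculative result */
   return n.has_auth;
}

int main (void)
{
   printf ("buggy reset: has_auth=%d\n", believes_authed_after_reconnect (false));
   printf ("fixed reset: has_auth=%d\n", believes_authed_after_reconnect (true));
   return 0;
}
```

A regression test for this class of bug would assert that every field written during a handshake is back to its initial value after the reset, not only the authenticated flag.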
