> On Jul 5, 2023, at 10:44, Ben Ramsey <b...@benramsey.com> wrote:
> 
>> On Jun 13, 2023, at 15:06, Jan Ehrhardt <php...@ehrhardt.nl> wrote:
>> 
>> Hi Christoph,
>> 
>> "Christoph M. Becker" in php.internals (Wed, 18 Jan 2023 13:20:41 +0100):
>>> While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP
>>> 8.1 builds are still using OpenSSL 1.1.1.  However, OpenSSL 1.1.1 is
>>> only supported till 2023-09-11[1], while PHP 8.1 is supported till
>>> 2024-11-25[2].  Although I don't like bumping the OpenSSL version in the
>>> middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling
>>> behind security support.  And if we do that bump, we better do it sooner
>>> than later.
>>> 
>>> So, if there are no unforeseen problems, I suggest to build PHP
>>> 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with
>>> OpenSSL 1.1.1).
>>> 
>>> Thoughts?  Objections?
>>> 
>>> [1] <https://www.openssl.org/policies/releasestrat.html>
>>> [2] <https://www.php.net/supported-versions.php>
>> 
>> I noticed that PHP 8.1.20 at https://windows.php.net/download/ was built
>> with OpenSSL 1.1.1t and PHP 8.2.7 & 8.3.0 Alpha 1 with OpenSSL 3.0.8. What
>> will be the official policy for 8.1, 8.2 and 8.3? All 3 versions with
>> OpenSSL 3.0.x or 8.1 still with OpenSSL 1.1.1? And none of the three
>> versions with OpenSSL 3.1.x? Please clarify.
> 
> 
> What’s the process for changing this? Do release managers need to change the 
> way we bundle the packages, or does something need to be merged into the 
> PHP-8.1 branch?


Does anyone know the answer to this question?

Cheers,
Ben


Attachment: signature.asc
Description: Message signed with OpenPGP

Reply via email to