> Hi,
>
> Sorry not to have detected this problem at RFC time, but the new hardcoded
> cipher list causes some trouble in Fedora.
>
> See: https://bugs.php.net/68074
> http://fedoraproject.org/wiki/Changes/CryptoPolicy
> https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies
> https://wiki.php.net/rfc/improved-tls-defaults#default_ciphers
>
> And the simple patch
> https://bugs.php.net/patch-display.php?bug_id=68074&patch=system-ciphers.patch&revision=latest
>
> If there is no objection, I plan to apply this quite soon in 5.6+

This is sensible to me. It gives distros the ability to fine-tune crypto ciphers in accordance with their own policies and legal requirements. This has been an issue for RHEL at least in the past with regard to elliptic curve ciphers. Adding the compile directive would protect users by default with the new ciphers without causing problems for those adhering to specific organizational/institutional requirements.