Hi Jakub, > -----Original Message----- > From: jakub....@gmail.com [mailto:jakub....@gmail.com] On Behalf Of Jakub > Zelenka > Sent: Wednesday, July 13, 2016 9:11 PM > To: PHP internals list <internals@lists.php.net> > Subject: [PHP-DEV] Dropping SSL2 in 7.1 > > Hi, > > It's been already proposed by Remi using PR [1] so sending it here as well. > I would like to proceed and drop SSL2 support from PHP. Effectively it means > dropping ssl2 stream as it's not already negotiated by default. > > It's been dropped in OpenSSL 1.1 and we don't already support it with 1.0.2. > Considering that I will be merging dropping support for 0.9.8 and > 1.0.0 shortly, it leaves just 1.0.1 that would support it. Considering also > the > possible security issues, I think there is no reason to keep it. > > Please let me know if any objections. > > [1] https://github.com/php/php-src/pull/1826 > To be mentioned, even the currently active OpenSSL branches disable SSLv2 by default nowadays. Here's the info https://openssl.org/news/secadv/20160301.txt
Regards Anatol -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
