On 29.05.2017 at 09:48, Niklas Keller wrote:
Morning,

I hereby open the vote on the "Improved SSL / TLS constants" RFC.

This RFC proposes to change PHP's TLS constants to sane values. This change
has been avoided by the previous RFC for PHP 5.6 due to BC reasons. This
RFC favors better security instead of backwards compatibility with version
intolerant and out of date servers.

You can find the full RFC here:
https://wiki.php.net/rfc/improved-tls-constants

Make tls:// default to TLSv1.0 + TLSv1.1 + TLSv1.2

this is nice for a limited timeframe but the wrong approach to begin with - it is *not* the business of PHP at all until *explicitly* requested from the userland code to interfere with *anything* in context of the TLS handshake

it's the job of the underlying openssl library, how it is built and shipped by the distribution because they you support implicit TLS1.3 and a future TLS1.4, don't weaken things like https://fedoraproject.org/wiki/Changes/CryptoPolicy and respect sane configured servers which are regularly checked with https://www.ssllabs.com/ssltest/



--
PHP Internals - PHP Runtime Development Mailing List