On Mon, May 29, 2017 at 9:48 AM, Niklas Keller <m...@kelunik.com> wrote:

> Morning,
>
> I hereby open the vote on the "Improved SSL / TLS constants" RFC.
>
> This RFC proposes to change PHP's TLS constants to sane values. This change
> has been avoided by the previous RFC for PHP 5.6 due to BC reasons. This
> RFC favors better security instead of backwards compatibility with
> version-intolerant and out-of-date servers.
>
> You can find the full RFC here:
> https://wiki.php.net/rfc/improved-tls-constants
>
> Regards, Niklas
>

I'd really prefer if this RFC targeted current patch branches. I see
minimal BC impact from the change (issues may only arise when communicating
with broken TLS implementations), while *not* making the change is
effectively a BC break as more servers stop supporting TLS 1.0.

For the lifetime of the 7.0 and 7.1 releases, it appears much more likely
to me that there will be more servers not supporting TLS 1.0 than servers
supporting only TLS 1.0 *and* having a broken version negotiation
implementation.

Nikita
