2017-05-29 12:56 GMT+02:00 Nikita Popov <nikita....@gmail.com>: > On Mon, May 29, 2017 at 9:48 AM, Niklas Keller <m...@kelunik.com> wrote: > >> Morning, >> >> I hereby open the vote on the "Improved SSL / TLS constants" RFC. >> >> This RFC proposes to change PHP's TLS constants to sane values. This >> change >> has been avoided by the previous RFC for PHP 5.6 due to BC reasons. This >> RFCs favors better security instead of backwards compatibility with >> version >> intolerant and out of date servers. >> >> You can find the full RFC here: >> https://wiki.php.net/rfc/improved-tls-constants >> >> Regards, Niklas >> > > I'd really prefer if this RFC targeted current patch branches. I see > minimal BC impact from the change (issues may only arise when communicating > with broken TLS implementations), while *not* making the change is > effectively a BC break as more servers stop supporting TLS 1.0. > > For the lifetime of the 7.0 and 7.1 releases, it appears much more likely > to me that there will be more servers not supporting TLS 1.0 than servers > supporting only TLS 1.0 *and* having a broken version negotiation > implementation. >
Same here, but Anatol suggested releasing this with PHP 7.2 first and if nobody complains, backport it to PHP 7.1 and 7.0. Regards, Niklas
