Am 30.11.2017 um 17:41 schrieb Hannes Magnusson:
- Improve TLS constants to sane values
This worries me a lot. Last time someone thought it was a good idea they
introduced security vulnerability for all apps that used them.
that PHP now instead of ECDHE-RSA-AES128-SHA uses
ECDHE-RSA-AES128-GCM-SHA256 for TLS connections (and before 7.1 with
openssl 1.1 it was not able to use ECHDE at all) or that PHP don't let
the crypto library alone at all?
at least it got better with 7.2
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
