On Fri, Dec 1, 2017 at 6:35 PM, li...@rhsoft.net <li...@rhsoft.net> wrote:
> the main question is why does PHP need to do *anything* here instead of handing
> the TLS handshake completely over to openssl? in that case even PHP5 could
> prefer TLS1.2 ciphers against a server that orders them on top without touching
> any line of PHP's code
>

Because the SSL API in OpenSSL that PHP uses doesn't let you say: "Just give me the best method you can".

SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);

const SSL_METHOD *SSLv23_method(void);
const SSL_METHOD *SSLv23_server_method(void);
const SSL_METHOD *SSLv23_client_method(void);
const SSL_METHOD *TLSv1_2_method(void);
const SSL_METHOD *TLSv1_2_server_method(void);
const SSL_METHOD *TLSv1_2_client_method(void);
const SSL_METHOD *TLSv1_1_method(void);
const SSL_METHOD *TLSv1_1_server_method(void);
const SSL_METHOD *TLSv1_1_client_method(void);
const SSL_METHOD *TLSv1_method(void);
const SSL_METHOD *TLSv1_server_method(void);
const SSL_METHOD *TLSv1_client_method(void);
#ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void);
const SSL_METHOD *SSLv3_server_method(void);
const SSL_METHOD *SSLv3_client_method(void);
#endif
#ifndef OPENSSL_NO_SSL2
const SSL_METHOD *SSLv2_method(void);
const SSL_METHOD *SSLv2_server_method(void);
const SSL_METHOD *SSLv2_client_method(void);
#endif

There may be another SSL API that does, but that's more than just "set the value to any and be done with it".

Pull requests welcome,
-Sara

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php