On Mon, Dec 4, 2017 at 5:36 PM, Sara Golemon <poll...@php.net> wrote:
> On Fri, Dec 1, 2017 at 6:35 PM, li...@rhsoft.net <li...@rhsoft.net> wrote: > > the main question is why does PHP need to to *anything* here instead hand > > the TLS handshake completly over to openssl? in that case even PHP5 could > > perfer TLS1.2 ciphers against a sevrer that orders them on top without > touch > > any line of PHP's code > > > Because the SSL API in OpenSSL that PHP uses doesn't let you say: > "Just give me the best method you can". > > SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); > const SSL_METHOD *SSLv23_method(void); > const SSL_METHOD *SSLv23_server_method(void); > const SSL_METHOD *SSLv23_client_method(void); > const SSL_METHOD *TLSv1_2_method(void); > const SSL_METHOD *TLSv1_2_server_method(void); > const SSL_METHOD *TLSv1_2_client_method(void); > const SSL_METHOD *TLSv1_1_method(void); > const SSL_METHOD *TLSv1_1_server_method(void); > const SSL_METHOD *TLSv1_1_client_method(void); > const SSL_METHOD *TLSv1_method(void); > const SSL_METHOD *TLSv1_server_method(void); > const SSL_METHOD *TLSv1_client_method(void); > #ifndef OPENSSL_NO_SSL3_METHOD > const SSL_METHOD *SSLv3_method(void); > const SSL_METHOD *SSLv3_server_method(void); > const SSL_METHOD *SSLv3_client_method(void); > #endif > #ifndef OPENSSL_NO_SSL2 > const SSL_METHOD *SSLv2_method(void); > const SSL_METHOD *SSLv2_server_method(void); > const SSL_METHOD *SSLv2_client_method(void); > #endif > > There may be another SSL API that does, but that's more than just "set > the value to any and be done with it". > Yep there is SSL_CTX_set_min_proto_version and SSL_CTX_set_max_proto_version in OpenSSL 1.1.0+ which is the preferred way how to set the protocol. The version specific method are all now deprecated and should not be used. I have got it on my TODO list so hopefully will find time to implement it. It would be ideal to just introduce min and max protocol version context options for tls and possibly ssl (which is tls alias now) streams. It is of course backportable to 1.0.1 and 1.0.2 using SSL_OP_NO_* which is how it is basically working now but for 1.1.0+ it will use more flexible min and max. I think it would also make sense to deprecate tlsv* and sslv* streams but don't feel so strongly about it. The c part implementation is not too difficult but we should probably improve and extend the version tests (that are really slow atm.) so it might take a bit. Anyway I really hope to have it in 7.3. Cheers Jakub
