Hi, I just created a PR [1] to add two new options for ssl/tls streams: - min_proto_version - max_proto_version
that can be set to one of the new constants: - STREAM_CRYPTO_PROTO_SSLv3 - STREAM_CRYPTO_PROTO_TLSv1_0 - STREAM_CRYPTO_PROTO_TLSv1_1 - STREAM_CRYPTO_PROTO_TLSv1_2 It is basically a range setting which is kind based on the new OpenSSL way to set protocol versions [2]. The main purpose is to have a better alternative to crypto_metod that disallows protocol holes in a more obvious way. In addition the crypto_method is changed to prevent protocol holes and fills missing protocol automatically. More info in the PR. The PR is also pre-step for TLS 1.3 support as it cleans up a protocol version selection and removes some deprecated bits when using OpenSSL 1.1. If there are no objection, I would like to merge it sometimes next week! [1] https://github.com/php/php-src/pull/3317 [2] https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_min_proto_version.html Thanks Jakub
