Re: [PHP-DEV] PHP 7.2.0 Released

2017-12-01 Thread li...@rhsoft.net
Am 02.12.2017 um 02:08 schrieb Walter Parker: Lists, I fail to see how Sara was wrong and you are right. In the old PHP, it was TLS 1.0 bad enough In the new PHP. it is TLS 1.2, TLS1.1, TLS1.3 you surely meant 1.0 instead 1.3 here When TLS1.3 comes out, old PHP will use only TLS1.0. <-

Re: [PHP-DEV] PHP 7.2.0 Released

2017-12-01 Thread Walter Parker
On Fri, Dec 1, 2017 at 3:35 PM, li...@rhsoft.net wrote: > > > Am 01.12.2017 um 22:49 schrieb Sara Golemon: > >> On Fri, Dec 1, 2017 at 11:52 AM, li...@rhsoft.net >> wrote: >> >>> yes and since nobody ever sould override the defaults in application code >>> for obvious reasons that's the problem,

Re: [PHP-DEV] PHP 7.2.0 Released

2017-12-01 Thread li...@rhsoft.net
Am 01.12.2017 um 22:49 schrieb Sara Golemon: On Fri, Dec 1, 2017 at 11:52 AM, li...@rhsoft.net wrote: yes and since nobody ever sould override the defaults in application code for obvious reasons that's the problem, you shouldn't mangle with openssl defaults in general and let openssl do the

Re: [PHP-DEV] PHP 7.2.0 Released

2017-12-01 Thread Sara Golemon
On Fri, Dec 1, 2017 at 11:52 AM, li...@rhsoft.net wrote: > yes and since nobody ever sould override the defaults in application code > for obvious reasons that's the problem, you shouldn't mangle with openssl > defaults in general and let openssl do the handshake which will end in the > server sid

Re: [PHP-DEV] PHP 7.2.0 Released

2017-12-01 Thread li...@rhsoft.net
Am 01.12.2017 um 17:44 schrieb Niklas Keller: li...@rhsoft.net > schrieb am Fr., 1. Dez. 2017, 17:13: Am 30.11.2017 um 17:41 schrieb Hannes Magnusson: >> - Improve TLS constants to sane values > > This worries me a lot. La

Re: [PHP-DEV] PHP 7.2.0 Released

2017-12-01 Thread Niklas Keller
li...@rhsoft.net schrieb am Fr., 1. Dez. 2017, 17:13: > > > Am 30.11.2017 um 17:41 schrieb Hannes Magnusson: > >> - Improve TLS constants to sane values > > > > This worries me a lot. Last time someone thought it was a good idea they > > introduced security vulnerability for all apps that used th

Re: [PHP-DEV] PHP 7.2.0 Released

2017-12-01 Thread li...@rhsoft.net
Am 30.11.2017 um 17:41 schrieb Hannes Magnusson: - Improve TLS constants to sane values This worries me a lot. Last time someone thought it was a good idea they introduced security vulnerability for all apps that used them. that PHP now instead of ECDHE-RSA-AES128-SHA uses ECDHE-RSA-AES128