Jakub Zelenka in php.internals (Sun, 27 Nov 2016 19:37:50 +):
>At the time the PHP 7.2 is out, there will be much bigger usage of OpenSSL
>1.1 and the users on lower version could still disable it manually.
I sure hope so. What concerns me is that there is no movement at all to
add OpenSSL 1.1
Jakub Zelenka in php.internals (Sun, 27 Nov 2016 19:37:50 +):
>On Sun, Nov 27, 2016 at 3:17 PM, Niklas Keller wrote:
>> That may be true, but we only raised the minimum requirement for newer
>> versions of PHP. If this is going to be backported for PHP 5.6 / 7.0 / 7.1,
>> we have to support th
>
> Well it depends if it requires feature available only in the later version
>> of OpenSSL which would be the case for the currently proposed version of
>> the RFC that would make use of SSL_CTX_set1_sigalgs_list macro. I don't
>> think that we should parse the string of allowed sig algs and re-
On Sun, Nov 27, 2016 at 3:17 PM, Niklas Keller wrote:
> > SSL_CTX_set1_sigalgs is anyway only supported starting in OpenSSL 1.0.2,
>> > so we need a custom verify callback for older OpenSSL versions. In our
>> own
>> > verify callback we can use a blacklist instead of the suggested
>> whitelist
>
>
> > SSL_CTX_set1_sigalgs is anyway only supported starting in OpenSSL 1.0.2,
> > so we need a custom verify callback for older OpenSSL versions. In our
> own
> > verify callback we can use a blacklist instead of the suggested whitelist
> > by default.
> >
> >
> No need to add support for 1.0.1 as
On Sun, Nov 27, 2016 at 2:22 PM, Niklas Keller wrote:
>
>
> 2016-11-27 14:09 GMT+01:00 Jakub Zelenka :
>
>>
>>
>> On Sun, Nov 27, 2016 at 1:06 PM, Jakub Zelenka wrote:
>>
>>>
>>>
>>> On Sat, Nov 26, 2016 at 3:49 PM, Niklas Keller wrote:
>>>
Morning Internals,
I plan to distrust S
2016-11-27 14:09 GMT+01:00 Jakub Zelenka :
>
>
> On Sun, Nov 27, 2016 at 1:06 PM, Jakub Zelenka wrote:
>
>>
>>
>> On Sat, Nov 26, 2016 at 3:49 PM, Niklas Keller wrote:
>>
>>> Morning Internals,
>>>
>>> I plan to distrust SHA-1 certificates by default in PHP 7.2. All major
>>> browsers will no lo
On Sun, Nov 27, 2016 at 1:06 PM, Jakub Zelenka wrote:
>
>
> On Sat, Nov 26, 2016 at 3:49 PM, Niklas Keller wrote:
>
>> Morning Internals,
>>
>> I plan to distrust SHA-1 certificates by default in PHP 7.2. All major
>> browsers will no longer trust SHA-1 certificates starting already
>> 2017-01-0
On Sat, Nov 26, 2016 at 3:49 PM, Niklas Keller wrote:
> Morning Internals,
>
> I plan to distrust SHA-1 certificates by default in PHP 7.2. All major
> browsers will no longer trust SHA-1 certificates starting already
> 2017-01-01.
>
> Unfortunately, PHP doesn't even provide a way yet to limit th
>
> I would propose making a constant for default value. This way if your
> code wants to use that option in a generic way, there is a value to fall
> back on, and you don't need to keep around a long string that can be
> mis-copied, etc.
>
A constant for the default value doesn't make much sense
Hi!
> You can read the full RFC in the wiki:
> https://wiki.php.net/rfc/distrust-sha1-certificates
I would propose making a constant for default value. This way if your
code wants to use that option in a generic way, there is a value to fall
back on, and you don't need to keep around a long strin
Morning Internals,
I plan to distrust SHA-1 certificates by default in PHP 7.2. All major
browsers will no longer trust SHA-1 certificates starting already
2017-01-01.
Unfortunately, PHP doesn't even provide a way yet to limit the accepted
algorithms for certificates. The RFC fixes that and intro
12 matches