This is an old revision of the document!
PHP RFC: Distrust SHA-1 Certificates
- Version: 0.1
- Date: 2016-11-25
- Author: Niklas Keller firstname.lastname@example.org
- Status: Draft
- First Published at: http://wiki.php.net/rfc/distrust-sha1-certificates
As of 2016-01-01, the CA/B Forum forbids issuing new SHA-1 certificates. The CA/B has advised CAs starting 2015-01-16 to issue no SHA-1 certificates with an expiration date greater than 2017-01-01, as browsers had already announced (see references) to deprecate and remove SHA-1. NIST recommends that SHA-1 should no longer be used for digital signatures. Starting with Java 9, Java will also no longer accept SHA-1 starting 2017-01-01 by default. PHP does not even provide a context option, yet.
This RFC proposes to add a new context option that defines the accepted hash functions. This context option defaults to accepting SHA-1 and SHA-256 in PHP 5.6, 7.0 and 7.1. Starting with PHP 7.2, this will default to SHA-256 only.
Backward Incompatible Changes
SHA-1 certificates are no longer accepted by default starting in PHP 7.2. This change already happens to be almost a year late, as PHP 7.2 is expected to be released near 2017-12-01. This change is justified by the new CA/B rules, browser changes and thus industry standards.
Proposed PHP Version(s)
PHP 5.6, 7.0, 7.1 and 7.2. Only 7.2 defaults to the new behavior.
Once SHA-256 should be become obsolete, the default can be adjusted accordingly.
Proposed Voting Choices
Requires a 2/3 majority.
Patches and Tests
- https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html - https://cabforum.org/pipermail/public/2015-October/006121.html - https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/ - http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf - http://openjdk.java.net/jeps/288
Keep this updated with features that were discussed on the mail lists.