PHP RFC: Distrust SHA-1 Certificates

• Version: 0.1
• Date: 2016-11-25
• Author: Niklas Keller me@kelunik.com
• Status: Draft
• First Published at: http://wiki.php.net/rfc/distrust-sha1-certificates

As of 2016-01-01, the CA/B Forum forbids issuing new SHA-1 certificates. The CA/B has advised CAs starting 2015-01-16 to issue no SHA-1 certificates with an expiration date greater than 2017-01-01, as browsers had already announced (see references) to deprecate and remove SHA-1. NIST recommends that SHA-1 should no longer be used for digital signatures. Starting with Java 9, Java will also no longer accept SHA-1 starting 2017-01-01 by default. PHP does not even provide a context option, yet.

This RFC proposes to add a new context option that defines the accepted hash functions. This context option defaults to accepting SHA-1 and SHA-256 in PHP 5.6, 7.0 and 7.1. Starting with PHP 7.2, this will default to SHA-256 only.

SHA-1 certificates are no longer accepted by default starting in PHP 7.2. This change already happens to be almost a year late, as PHP 7.2 is expected to be released near 2017-12-01. This change is justified by the new CA/B rules, browser changes and thus industry standards.

PHP 5.6, 7.0, 7.1 and 7.2. Only 7.2 defaults to the new behavior.

TBD.

Once SHA-256 should be become obsolete, the default can be adjusted accordingly.

Requires a 2/3 majority.

TBD.

TBD.

• https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html
• https://cabforum.org/pipermail/public/2015-October/006121.html
• https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/
• http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf
• http://openjdk.java.net/jeps/288

Keep this updated with features that were discussed on the mail lists.