This is an old revision of the document!
PHP RFC: Distrust SHA-1 Certificates
- Version: 0.1
- Date: 2016-11-25
- Author: Niklas Keller me@kelunik.com
- Status: Draft
- First Published at: http://wiki.php.net/rfc/distrust-sha1-certificates
Introduction
As of 2016-01-01, the CA/B Forum forbids issuing new SHA-1 certificates. The CA/B has advised CAs starting 2015-01-16 to issue no SHA-1 certificates with an expiration date greater than 2017-01-01, as browsers had already announced (see references) to deprecate and remove SHA-1. NIST recommends that SHA-1 should no longer be used for digital signatures. Starting with Java 9, Java will also no longer accept SHA-1 starting 2017-01-01 by default. PHP does not even provide a context option, yet.
Proposal
This RFC proposes to add a new context option that defines the accepted hash functions. This context option defaults to accepting SHA-1 and SHA-256 in PHP 5.6, 7.0 and 7.1. Starting with PHP 7.2, this will default to SHA-256 only.
Backward Incompatible Changes
SHA-1 certificates are no longer accepted by default starting in PHP 7.2. This change already happens to be almost a year late, as PHP 7.2 is expected to be released near 2017-12-01. This change is justified by the new CA/B rules, browser changes and thus industry standards.
Proposed PHP Version(s)
PHP 5.6, 7.0, 7.1 and 7.2. Only 7.2 defaults to the new behavior.
RFC Impact
New Constants
TBD.
Future Scope
Once SHA-256 should be become obsolete, the default can be adjusted accordingly.
Proposed Voting Choices
Requires a 2/3 majority.
Patches and Tests
TBD.
Implementation
TBD.
References
Rejected Features
Keep this updated with features that were discussed on the mail lists.