rfc:distrust-sha1-certificates

This is an old revision of the document!


PHP RFC: Distrust SHA-1 Certificates

Introduction

As of 2016-01-01, the CA/B Forum forbids issuing new SHA-1 certificates. The CA/B has advised CAs starting 2015-01-16 to issue no SHA-1 certificates with an expiration date greater than 2017-01-01, as browsers had already announced (see references) to deprecate and remove SHA-1. NIST recommends that SHA-1 should no longer be used for digital signatures. Starting with Java 9, Java will also no longer accept SHA-1 starting 2017-01-01 by default. PHP does not even provide a context option, yet.

Proposal

This RFC proposes to add a new “ssl” context option (“signature_algorithms”) that defines the accepted algorithms. This context option defaults to SHA-1 and SHA-2 in PHP 5.6, 7.0 and 7.1. Starting with PHP 7.2, this will default to SHA-2 only.

Default for 5.6, 7.0 and 7.1

"RSA+SHA1:DSA+SHA1:ECDSA+SHA1" .
"RSA+SHA224:DSA+SHA224:ECDSA+SHA224:" .
"RSA+SHA256:DSA+SHA256:ECDSA+SHA256:" .
"RSA+SHA384:DSA+SHA384:ECDSA+SHA384:" .
"RSA+SHA512:DSA+SHA512:ECDSA+SHA512"

Default for 7.2

"RSA+SHA224:DSA+SHA224:ECDSA+SHA224:" .
"RSA+SHA256:DSA+SHA256:ECDSA+SHA256:" .
"RSA+SHA384:DSA+SHA384:ECDSA+SHA384:" .
"RSA+SHA512:DSA+SHA512:ECDSA+SHA512"

Backward Incompatible Changes

SHA-1 certificates are no longer accepted by default starting in PHP 7.2. This change already happens to be almost a year late, as PHP 7.2 is expected to be released near 2017-12-01. This change is justified by the new CA/B rules, browser changes and thus industry standards.

Proposed PHP Version(s)

PHP 5.6, 7.0, 7.1 and 7.2. Only 7.2 defaults to the new behavior.

RFC Impact

None expected. Browsers already start on 2017-01-01 with no longer accepting SHA-1 certificates. PHP 7.2 will be released long after 2017-01-01.

Future Scope

Once SHA-2 should be become obsolete, the default can be adjusted accordingly.

Proposed Voting Choices

Requires a 2/3 majority.

Patches and Tests

TBD.

Implementation

TBD.

References

Rejected Features

Keep this updated with features that were discussed on the mail lists.

rfc/distrust-sha1-certificates.1480174359.txt.gz · Last modified: 2017/09/22 13:28 (external edit)