rfc:improved-tls-constants

Differences

This shows you the differences between two versions of the page.

rfc:improved-tls-constants [2017/05/15 09:04] – created kelunik
rfc:improved-tls-constants [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== PHP RFC: Improved SSL / TLS constants ====== ====== PHP RFC: Improved SSL / TLS constants ======
-  * Version: 0.1+  * Version: 0.1.1
   * Date: 2017-05-15   * Date: 2017-05-15
   * Author: Niklas Keller, me@kelunik.com   * Author: Niklas Keller, me@kelunik.com
-  * Status: Under Discussion+  * Status: Merged to 7.2
   * First Published at: http://wiki.php.net/rfc/improved-tls-constants   * First Published at: http://wiki.php.net/rfc/improved-tls-constants
  
Line 13: Line 13:
   * Make ''<nowiki>ssl://</nowiki>'' an alias of ''<nowiki>tls://</nowiki>''   * Make ''<nowiki>ssl://</nowiki>'' an alias of ''<nowiki>tls://</nowiki>''
   * Make ''<nowiki>STREAM_CRYPTO_METHOD_TLS_*</nowiki>'' constants default to TLSv1.0 + TLSv1.1 + TLSv1.2 instead of TLSv1.0 only   * Make ''<nowiki>STREAM_CRYPTO_METHOD_TLS_*</nowiki>'' constants default to TLSv1.0 + TLSv1.1 + TLSv1.2 instead of TLSv1.0 only
 +
 +''<nowiki>STREAM_CRYPTO_METHOD_TLS_*</nowiki>'' will be changed in the future when newer versions of TLS are available without going through the RFC process.
 +
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
-This might break connection attempts to TLS servers with only TLS 1.0 enabled and that are version intolerant at the same time. This also breaks ''<nowiki>ssl://</nowiki>'' wrapper connections if only SSL is supported by the remote host, but no TLS.+This might break connection attempts to TLS servers with only TLS 1.0 enabled and that are version intolerant at the same time. This also breaks ''<nowiki>ssl://</nowiki>'' wrapper connections if only SSL is supported by the remote host, but no TLS. While strongly discouraged, an explicit context option passing ''<nowiki>STREAM_CRYPTO_METHOD_SSLv2_* | STREAM_CRYPTO_METHOD_SSLv3_* | STREAM_CRYPTO_METHOD_TLS</nowiki>'' can be used to restore the old behavior.
  
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
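Review bot: The mask given for restoring the old behavior in the Backward Incompatible Changes paragraph ends in a bare STREAM_CRYPTO_METHOD_TLS, while the two SSL terms beside it and every other mention in this section use the _* suffix. Write STREAM_CRYPTO_METHOD_TLS_* so it is clear the same client/server constant family is meant, and name the context option the mask is passed in, since "an explicit context option" leaves the reader to look it up. Separately, in the sentence added above that paragraph, "without going through the RFC process" trails "available" and can be read as qualifying the TLS versions rather than the change to the constants; moving it next to "will be changed" removes the ambiguity.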
Line 23: Line 26:
 In the future ''<nowiki>STREAM_CRYPTO_METHOD_SSLv23_CLIENT</nowiki>'' should be deprecated and SSL support completely removed. In the future ''<nowiki>STREAM_CRYPTO_METHOD_SSLv23_CLIENT</nowiki>'' should be deprecated and SSL support completely removed.
  
-===== Proposed Voting Choices ===== +===== Voting ===== 
-This will be a simple 50%+1 vote with yes and no options.+This is a simple 50%+1 vote with yes and no options. The voting started on 29th of May 2017 and will end on 5th of June 2017. 
 + 
 +<doodle title="Improved SSL / TLS constants" auth="kelunik" voteType="single" closed="true"> 
 +   * Yes 
 +   * No 
 +</doodle>
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
   * https://github.com/php/php-src/pull/2518   * https://github.com/php/php-src/pull/2518
 +  * https://github.com/php/php-src/commit/bec91e1117fd3527897cde2f8a26eab9a20fa3dc
  
 ===== References ===== ===== References =====
   * https://externals.io/thread/864   * https://externals.io/thread/864
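Review bot: The Voting paragraph still reads "will end on 5th of June 2017" although the doodle block directly below it is marked closed="true", so the text describes a finished vote in the future tense. Change it to the past tense and state the outcome in the paragraph, so the result is readable without the rendered poll widget.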
rfc/improved-tls-constants.1494839040.txt.gz · Last modified: 2017/09/22 13:28 (external edit)