Newsgroups: php.internals
From: lists@rhsoft.net ("lists@rhsoft.net")
To: internals@lists.php.net
Subject: Re: [PHP-DEV] PHP 7.2.0 Released
Date: Fri, 1 Dec 2017 17:13:04 +0100
Message-ID: <41630a4e-8772-bdfb-e859-831a36dc67ea@rhsoft.net>

On 30.11.2017 at 17:41, Hannes Magnusson wrote:
>> - Improve TLS constants to sane values
>
> This worries me a lot. Last time someone thought it was a good idea they
> introduced a security vulnerability for all apps that used them.

that PHP now instead of ECDHE-RSA-AES128-SHA uses ECDHE-RSA-AES128-GCM-SHA256 for TLS connections (and before 7.1 with openssl 1.1 it was not able to use ECDHE at all) or that PHP doesn't leave the crypto library alone at all?

at least it got better with 7.2