Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:101212 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 2293 invoked from network); 1 Dec 2017 16:44:33 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 1 Dec 2017 16:44:33 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.221 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.221 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.221] ([81.169.146.221:35973] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id D6/04-35031-FE6812A5 for ; Fri, 01 Dec 2017 11:44:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1512146668; s=domk; d=kelunik.com; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:X-RZG-CLASS-ID:X-RZG-AUTH:Accept-Language: Auto-Submitted:Cc:Date:From:Message-ID:References:Reply-To:Resent-Cc: Resent-Date:Resent-From:Resent-To:Sender:Subject:To: Content-Alternative:Content-Description:Content-Disposition: Content-Duration:Content-Features:Content-ID:Content-Language: Content-Location:Content-MD5:Content-Transfer-Encoding:Content-Type: MIME-Version; bh=hOnlVMW5A0K00y9pFlbxf3GhAmA8E56AqTnlczpCMfY=; b=EkL1xWin/XrD7vQQKcGe6u3lzj1DylSHD40MM2yXTEmOXjzPGAI/eU56oc1cHjRmB8 CAFfADrQ8VRDiLqxDvP68/c/5pHqWcMpnO6Rf1jj4ZrZUUBxtWqtNWi1MaxIesJnMxox KKl4KcF8OVGDecmhODW6E2CX4Frw1URL9b1cQ= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mlsGbEv0XHBzMIJSS+jKTzde5mDb8AaBUcZi8scA== X-RZG-CLASS-ID: mo00 Received: by mail-yb0-f180.google.com with SMTP id s46so4224340ybi.8 for ; Fri, 01 Dec 2017 08:44:28 -0800 (PST) X-Gm-Message-State: AJaThX73bwrLO93E4Nxs5MgtV8acv7PQMCQmiB1YXMYNptBF72AdN/p5 7OnplpgCkoKAUhod3TP6TlkfYGpTGxFLvBYDcVk= X-Google-Smtp-Source: AGs4zMamX+RgP8kuzL+MqYivR9EnwbeVTxd/KtZN+ioYABhDxlsnyscEY7lFgZXT5ArKI3S9Gq/xyEYUX9QA+FmvrPY= X-Received: by 10.37.177.13 with SMTP id g13mr1089606ybj.297.1512146667682; Fri, 01 Dec 2017 08:44:27 -0800 (PST) MIME-Version: 1.0 References: <41630a4e-8772-bdfb-e859-831a36dc67ea@rhsoft.net> In-Reply-To: <41630a4e-8772-bdfb-e859-831a36dc67ea@rhsoft.net> Date: Fri, 01 Dec 2017 16:44:17 +0000 X-Gmail-Original-Message-ID: Message-ID: To: lists@rhsoft.net Cc: PHP Internals Content-Type: multipart/alternative; boundary="f403045f29a6f9c7de055f4a142d" Subject: Re: [PHP-DEV] PHP 7.2.0 Released From: me@kelunik.com (Niklas Keller) --f403045f29a6f9c7de055f4a142d Content-Type: text/plain; charset="UTF-8" lists@rhsoft.net schrieb am Fr., 1. Dez. 2017, 17:13: > > > Am 30.11.2017 um 17:41 schrieb Hannes Magnusson: > >> - Improve TLS constants to sane values > > > > This worries me a lot. Last time someone thought it was a good idea they > > introduced security vulnerability for all apps that used them. > > that PHP now instead of ECDHE-RSA-AES128-SHA uses > ECDHE-RSA-AES128-GCM-SHA256 for TLS connections (and before 7.1 with > openssl 1.1 it was not able to use ECHDE at all) or that PHP don't let > the crypto library alone at all? > > at least it got better with 7.2 > We only changed the defaults in 7.2, it was possible to use the same features before, except for the security level. Regards, Niklas > --f403045f29a6f9c7de055f4a142d--