Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:101214 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 15326 invoked from network); 1 Dec 2017 21:49:30 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 1 Dec 2017 21:49:30 -0000 Authentication-Results: pb1.pair.com smtp.mail=php@golemon.com; spf=softfail; sender-id=softfail Authentication-Results: pb1.pair.com header.from=php@golemon.com; sender-id=softfail Received-SPF: softfail (pb1.pair.com: domain golemon.com does not designate 209.85.216.182 as permitted sender) X-PHP-List-Original-Sender: php@golemon.com X-Host-Fingerprint: 209.85.216.182 mail-qt0-f182.google.com Received: from [209.85.216.182] ([209.85.216.182:33962] helo=mail-qt0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7E/40-09988-96EC12A5 for ; Fri, 01 Dec 2017 16:49:29 -0500 Received: by mail-qt0-f182.google.com with SMTP id 33so14853116qtv.1 for ; Fri, 01 Dec 2017 13:49:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=golemon-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Bz+h/v8ASRQEa2H/tNcUHt5+LdmTIpJFtYWReou21HY=; b=vHR06RyzMYeX1cg/MsdUz4aP33r4zkKVDHQfJQYa7kkH4oewWtVaZys4/yvNe2cZnL EKa4JHbgc/Jtr/BvJEx+yOQzhXcPL6WIR0Vz1sF5C9Y576PsV5RN0PucSWaWIpxfUcZe eo3ldXex7S/msWe9fw/6ZQUPCYqzFq4Y/kJhMdd+iRgNQ5Egs7vtzPspFe29eVIzupmT AgTFLMaILYgBz3VVGqAtAeWLQVAXVbgfF2ea7XoyEmG1LdOpM6edtHAlIXxe9n47c/7g 9g8EIu0ggeal9BjD5euM+C+z6DF46dRALYwY16SN9Jh/Q8EAHEkHfHg3zT+101IE4HTh fiXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Bz+h/v8ASRQEa2H/tNcUHt5+LdmTIpJFtYWReou21HY=; b=clhSeA36diZvUQqj9S1gSl7VNYIEGqR94LBxeWM6us7o+az2uHShjwWz7WzMlwPPiA QKPcZ1L21RVvf3InpAW7WPI6ORmv1Sk/p8P3IsMUjtbK6eBn6XHCRFFZ6GxFR/1RgDG3 JwmNeUg5efHQS/8EwgmYY1mbosIgAz8Tp6ALMBFlysv9czvRMMRp5g2eC7aXYVdPxJya KulU25lpGFVtoT9SwLgVJR5Lw8efdaun0XIgyHC4s2dhetjR5s/FxogTfBtdIArOAKlu dJYjSe+MNMATj9cnOBGvMM8fK6+a/OcwA7rGUi8+1fDFCP4giVA3S4zYvBJ2eKU4/GXD DoGw== X-Gm-Message-State: AKGB3mJIMLJeAlk5J2qU6NZRTEdNedocnMiEtgDZckyZXlfcS7YguWd5 hywin4vYi7rZNy5G17UdzQRpj3h/fkya3xwKk8ZNvVd2 X-Google-Smtp-Source: AGs4zMY8/OqmEpWh1T2awmHNPDZ70ztP26ki84tlzMQi7tYH0MsUga7I5KtnZHo/3gMWSQpspuTxD9hF1w3VX90FXS4= X-Received: by 10.237.58.167 with SMTP id o36mr11628129qte.333.1512164965933; Fri, 01 Dec 2017 13:49:25 -0800 (PST) MIME-Version: 1.0 Sender: php@golemon.com Received: by 10.12.158.145 with HTTP; Fri, 1 Dec 2017 13:49:25 -0800 (PST) X-Originating-IP: [206.252.215.26] In-Reply-To: References: <41630a4e-8772-bdfb-e859-831a36dc67ea@rhsoft.net> Date: Fri, 1 Dec 2017 16:49:25 -0500 X-Google-Sender-Auth: 0aNIK4UJPGPMwj3up34jOg_qCfY Message-ID: To: "lists@rhsoft.net" Cc: PHP Internals Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] PHP 7.2.0 Released From: pollita@php.net (Sara Golemon) On Fri, Dec 1, 2017 at 11:52 AM, lists@rhsoft.net wrote: > yes and since nobody ever sould override the defaults in application code > for obvious reasons that's the problem, you shouldn't mangle with openssl > defaults in general and let openssl do the handshake which will end in the > server side perferred cipher and so in the most secure > > what PHP does is making encryption weaker as it hsould be > Um. Did you look at the diff in question? The old default was tls 1.0 only, the new default is tls 1.0, 1.1, or 1.2. The new default allows OpenSSL to negotiate for a preferred method where it couldn't before. The change literally does the opposite of what you're talking about. -Sara