Newsgroups: php.internals
From: pollita@php.net (Sara Golemon)
Date: Mon, 4 Dec 2017 12:36:56 -0500
Subject: Re: [PHP-DEV] PHP 7.2.0 Released
To: "lists@rhsoft.net"
Cc: PHP Internals

On Fri, Dec 1, 2017 at 6:35 PM, lists@rhsoft.net wrote:
> the main question is why does PHP need to do *anything* here instead of handing
> the TLS handshake completely over to openssl? in that case even PHP5 could
> prefer TLS1.2 ciphers against a server that orders them on top without touching
> any line of PHP's code
>
Because the SSL API in OpenSSL that PHP uses doesn't let you say:
"Just give me the best method you can".

SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);

const SSL_METHOD *SSLv23_method(void);
const SSL_METHOD *SSLv23_server_method(void);
const SSL_METHOD *SSLv23_client_method(void);
const SSL_METHOD *TLSv1_2_method(void);
const SSL_METHOD *TLSv1_2_server_method(void);
const SSL_METHOD *TLSv1_2_client_method(void);
const SSL_METHOD *TLSv1_1_method(void);
const SSL_METHOD *TLSv1_1_server_method(void);
const SSL_METHOD *TLSv1_1_client_method(void);
const SSL_METHOD *TLSv1_method(void);
const SSL_METHOD *TLSv1_server_method(void);
const SSL_METHOD *TLSv1_client_method(void);
#ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void);
const SSL_METHOD *SSLv3_server_method(void);
const SSL_METHOD *SSLv3_client_method(void);
#endif
#ifndef OPENSSL_NO_SSL2
const SSL_METHOD *SSLv2_method(void);
const SSL_METHOD *SSLv2_server_method(void);
const SSL_METHOD *SSLv2_client_method(void);
#endif

There may be another SSL API that does, but that's more than just "set
the value to any and be done with it".

Pull requests welcome,
-Sara