Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:101229 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 57034 invoked from network); 4 Dec 2017 18:18:49 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Dec 2017 18:18:49 -0000 Authentication-Results: pb1.pair.com smtp.mail=lists@rhsoft.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=lists@rhsoft.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain rhsoft.net designates 91.118.73.15 as permitted sender) X-PHP-List-Original-Sender: lists@rhsoft.net X-Host-Fingerprint: 91.118.73.15 mail.thelounge.net Received: from [91.118.73.15] ([91.118.73.15:40323] helo=mail.thelounge.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 99/D2-28358-581952A5 for ; Mon, 04 Dec 2017 13:18:46 -0500 Received: from srv-rhsoft.rhsoft.net (Authenticated sender: h.reindl@thelounge.net) by mail.thelounge.net (THELOUNGE MTA) with ESMTPSA id 3yrCmx0mZkzXMR for ; Mon, 4 Dec 2017 19:18:41 +0100 (CET) To: "internals@lists.php.net >> Mailing-List php" References: <41630a4e-8772-bdfb-e859-831a36dc67ea@rhsoft.net> <9f3d28e1-cc6d-d5dc-da04-7e3791070be8@rhsoft.net> Message-ID: <35e8f8c5-8fe0-702b-f304-890cf902b390@rhsoft.net> Date: Mon, 4 Dec 2017 19:18:40 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: de-CH Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] PHP 7.2.0 Released From: lists@rhsoft.net ("lists@rhsoft.net") Am 04.12.2017 um 18:36 schrieb Sara Golemon: > On Fri, Dec 1, 2017 at 6:35 PM, lists@rhsoft.net wrote: >> the main question is why does PHP need to to *anything* here instead hand >> the TLS handshake completly over to openssl? in that case even PHP5 could >> perfer TLS1.2 ciphers against a sevrer that orders them on top without touch >> any line of PHP's code >> > Because the SSL API in OpenSSL that PHP uses doesn't let you say: > "Just give me the best method you can" > > There may be another SSL API that does, but that's more than just "set > the value to any and be done with it" and how does other software like the apache benchmark tool "ab" this for as long as i can think which is also linked against openssl? [harry@srv-rhsoft:~]$ ab -c 1 -n 1 https://localhost/ This is ApacheBench, Version 2.3 <$Revision: 1807734 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking localhost (be patient).....done Server Software: Server Hostname: localhost Server Port: 443 SSL/TLS Protocol: TLSv1.2,ECDHE-ECDSA-AES128-GCM-SHA256,256,128 TLS Server Name: localhost ______________________ [harry@srv-rhsoft:~]$ ldd /usr/bin/ab linux-vdso.so.1 (0x00007ffd015cc000) libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007fb83e962000) libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007fb83e4d7000) libaprutil-1.so.0 => /lib64/libaprutil-1.so.0 (0x00007fb83ed96000) libapr-1.so.0 => /lib64/libapr-1.so.0 (0x00007fb83ed5a000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb83e2b8000) libm.so.6 => /lib64/libm.so.6 (0x00007fb83dfa2000) libc.so.6 => /lib64/libc.so.6 (0x00007fb83dbcd000) libz.so.1 => /lib64/libz.so.1 (0x00007fb83d9b6000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fb83d7b2000) libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fb83d5ad000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fb83d377000) libexpat.so.1 => /lib64/libexpat.so.1 (0x00007fb83d144000) /lib64/ld-linux-x86-64.so.2 (0x00007fb83ebce000) libgomp.so.1 => /lib64/libgomp.so.1 (0x00007fb83cf15000) libfreebl3.so => /lib64/libfreebl3.so (0x00007fb83cd12000)