Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:101235
Return-Path: <walterp@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 71539 invoked from network); 4 Dec 2017 21:53:12 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Dec 2017 21:53:12 -0000
Authentication-Results: pb1.pair.com smtp.mail=walterp@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=walterp@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.175 as permitted sender)
X-PHP-List-Original-Sender: walterp@gmail.com
X-Host-Fingerprint: 209.85.216.175 mail-qt0-f175.google.com  
Received: from [209.85.216.175] ([209.85.216.175:40963] helo=mail-qt0-f175.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id DF/25-28358-7C3C52A5 for <internals@lists.php.net>; Mon, 04 Dec 2017 16:53:11 -0500
Received: by mail-qt0-f175.google.com with SMTP id i40so24622435qti.8
        for <internals@lists.php.net>; Mon, 04 Dec 2017 13:53:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=sk8owGwLZUo2aSEYc6BPxPbWnSfFCe/DnQHVL+/ip+E=;
        b=hiPeNVuLeHmaCXg9YNCmoUPY/Es1u11yZwXVs4XG3jBCZ1Frx9iWMoRkgsehKx38uQ
         gK9IygAZhWmxEzGrwjgRGFoYyPsvn5A+W3D7mXS4/H0KGctI+mA0QR+N4F8OL6+pKI+R
         r4N4FmkmhrkCipXxQDrxPoEuSNeDRMAzASe6Gt/fWfD0d7WhLHU/JsDNTWp3Fl7LUsQb
         FictMfjL/LfuGcc0OPgiso8ak2dynOwTRNdyonlwhsotOn7FoGyd3a3p9ea7iyRNQ6c5
         IUL19QD1vFMmOQ2nd1MW/wU0tC7TgQKDYOJloR5lhGZvojqmNzNNNn47w0YBzaWy5Chy
         pD8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=sk8owGwLZUo2aSEYc6BPxPbWnSfFCe/DnQHVL+/ip+E=;
        b=j4xPyD2qMjLPdW4PSrRjHq73NGCY8AmB8ITeVADUab6DjKut/e6kCYGN3XxHD6iaGT
         ULGBe/a1TFce8qbzozApUZlw2lsQv4vC+p2OuxT5B2B5CAPO0ToQhvZH3vujt+4C+dGS
         XVPvKV50xAc0gZF5o2UOfJH6m3wluu5vkKA3zf20sTxKXV6kQrOhsBObhRpp2WTWiBtU
         FIABIjQlrt3pbLMXxjkbxsYkWcQzSIRygTSc3H2z+S34SJfmIWQutU6AeiiARXY118Bn
         UuItt2qkJ7i88AmvkhNfqnS5is00EX69PHOM3hHXOnN6GVulrqZULNRWCT/UqoE74tT7
         3opQ==
X-Gm-Message-State: AKGB3mJ9MKVG4IZPwsHnAxL0Fu0Sst+aaRLrXXuiskvEG9dhEkVt2DMS
	LKgTer5UzjgnTAyDRiZwR9SasqYJxXyKAZVGnKxNVA==
X-Google-Smtp-Source: AGs4zMY8bVSjF+ELD2W2/sxqFvZFggt/onkElC8J9+ElCNhgHVXKuxGZz4bpg30X7f2NSXkYOWju8YJPrIc015PiafE=
X-Received: by 10.200.22.209 with SMTP id y17mr230978qtk.284.1512424388780;
 Mon, 04 Dec 2017 13:53:08 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.154.68 with HTTP; Mon, 4 Dec 2017 13:53:08 -0800 (PST)
In-Reply-To: <CANUQDCgEqxAT4+kiTFsg7yxoktZ+upWV6OD7wW9ggME2OMcAfg@mail.gmail.com>
References: <a64088a5-e93b-3450-fe8c-8ba6ac9d851a@php.net> <CADNQb0VA+-E2B21EZCfzau7v0_0=SeheHB+cxZCsx7RoVNn8jA@mail.gmail.com>
 <41630a4e-8772-bdfb-e859-831a36dc67ea@rhsoft.net> <CANUQDCjsz31t-VqbLeUOc-qJd=wzQ8Tbk2UGhY-74xw+JaGHUA@mail.gmail.com>
 <e8b900c3-3d76-9fe0-7b96-3c1f468d160e@rhsoft.net> <CAESVnVqhNgge2dzHTbf1bCR0unGCYwEeDqS2ErWdyK34M26k6g@mail.gmail.com>
 <9f3d28e1-cc6d-d5dc-da04-7e3791070be8@rhsoft.net> <CAESVnVoWeNdh2R4KROe=CfACQVQJP9sf66iJASPp73nURi9ouw@mail.gmail.com>
 <35e8f8c5-8fe0-702b-f304-890cf902b390@rhsoft.net> <b9075c8d-a5e1-8b28-cde7-8a642abaf0d0@rhsoft.net>
 <CANUQDCgEqxAT4+kiTFsg7yxoktZ+upWV6OD7wW9ggME2OMcAfg@mail.gmail.com>
Date: Mon, 4 Dec 2017 13:53:08 -0800
Message-ID: <CAMPTd_A2DB4_mysLeaTkcNFTZtrseNqWsmtaxjG6E_vPo7ghkg@mail.gmail.com>
To: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="94eb2c122a847168c4055f8abe90"
Subject: Re: [PHP-DEV] PHP 7.2.0 Released
From: walterp@gmail.com (Walter Parker)

--94eb2c122a847168c4055f8abe90
Content-Type: text/plain; charset="UTF-8"

On Mon, Dec 4, 2017 at 1:43 PM, Niklas Keller <me@kelunik.com> wrote:

> >
> > and to be clear here:
> >
> > a client when connecting to a server configured like below has to respect
> > the cipher order of the server while
> > https://www.ssllabs.com/ssltest/ exists for years to give dministrators
> > of the server some help and which clients are using which cipher
> >
>
> Just minor nitpicking to get the facts right: A client does never respect
> the used cipher order of the server. A client offers a number of ciphers
> and the server chooses one of those, either based on its own order
> (preferred) or based on the client-preferred order.
>
> If you know other programs doing it better, research how they do it and
> propose a change to PHP please.
>
> Regards, Niklas
>

That's good news. Given that openssl 1.1.0 only shipped late last year, I
fail to see how this has been an failure in PHP for many years for not
using a recent feature in openssl.
Looking at the sources for ab.c, it appears to do things like PHP. The
protocol level is hard coded to one value (SSL_METHOD
*SSLv23_method(void);)
There is a command line override (-Z protocol) that allows the protocol
selection to be changed to TLS1, TLS1.1, TLS1.2, or TLS1+TLS1.1+TLS1.2.

Lists, could you please clarify what PHP should learn from how ab does TLS?


Walter



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis

--94eb2c122a847168c4055f8abe90--