Newsgroups: php.internals
From: walterp@gmail.com (Walter Parker)
Date: Tue, 5 Dec 2017 09:34:32 -0800
Subject: Re: [PHP-DEV] PHP 7.2.0 Released
To: "lists@rhsoft.net"
Cc: PHP Internals

Deleted without reading...

On Tue, Dec 5, 2017 at 9:09 AM, lists@rhsoft.net wrote:

> On 05.12.2017 at 17:45, Walter Parker wrote:
>
>> Lists, I give you the same advice. I know and use SSL Labs, I have been a
>> subscriber to Ivan's mailing list for years.
>> Older versions of OpenSSL had
>> a default list of +ALL, -aNULL, -eNULL as the default list of ciphers
>
> yes
>
>> Before DES was removed in the new versions of openssl, that means the list
>> included things like DES and RC4
>
> don't matter because no somehow recent client would have negotiated
> DES/RC4 with a config like below even if the SSLCipherSuite would contain
> RC4/DES at the end of the list
>
> SSLHonorCipherOrder On
> SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA
>
>> That is why server admins always spelled out long lists of ciphers, to
>> guarantee that weak ciphers would not appear on older installs. I found
>> this information by reading the code bases themselves, where did you find
>> your information?
>
> frankly you are saying exactly the same as i did
>
> the point is that for nearly a decade servers take care of negotiated
> ciphers and when tomorrow one of them like AES-CBC with several
> vulnerabilities in the past years becomes problematic like you even was
> advised to prefer RC4 instead block-ciphers for the time window of a large
> amount unfixed clients you can as server admin mitigate the problem
>
> but only if the client is not PHP which thinks to outsmart client openssl
> as well as servers configuration
>
> this also makes initiatives like
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
> useless and everything reacts faster than wait for
> the next PHP point release!
>
>> I'm done with you. You don't understand and worse you don't want to
>> understand but think you understand. You just admitted to that. Please stop
>> until you get proper training as someone else on this list might make the
>> same mistakes that you are
>
> yes, please stop to respond to any of my mails, especially stop offlist
> mails

-- 
The greatest dangers to liberty lurk in insidious encroachment by men of zeal,
well-meaning but without understanding. -- Justice Louis D. Brandeis
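
Added example, not part of the original message and not PHP, Apache or OpenSSL code: a simplified Python model of TLS 1.2-and-earlier suite selection, illustrating the point argued in the quoted reply about `SSLHonorCipherOrder On` and a weak suite left at the end of the server list. The `RC4-SHA` entry, the shortened server list and the three client offers are constructed for illustration.

```python
# Simplified model: the server selects one suite from those the client
# offered in its ClientHello (TLS 1.2 and earlier).

# Subset of the SSLCipherSuite list quoted in the thread, plus a constructed
# weak entry (RC4-SHA) appended at the end, as the thread hypothesises.
SERVER_PREFS = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA",
    "AES128-GCM-SHA256",
    "AES128-SHA",
    "RC4-SHA",  # constructed: weak suite left at the end of the list
]

def negotiate(server_prefs, client_offer, honor_server_order=True):
    """Return the suite the server selects, or None if there is no overlap.

    honor_server_order=True models `SSLHonorCipherOrder On`: walk the server's
    list and take the first suite the client offered. False models client
    preference: walk the client's list and take the first suite the server allows.
    """
    if honor_server_order:
        primary, secondary = server_prefs, client_offer
    else:
        primary, secondary = client_offer, server_prefs
    allowed = set(secondary)
    for suite in primary:
        if suite in allowed:
            return suite
    return None

# Constructed client offers in ClientHello order (not captured traffic).
MODERN = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
RC4_FIRST = ["RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
RC4_ONLY = ["RC4-SHA"]

def demo():
    hardened = [s for s in SERVER_PREFS if s != "RC4-SHA"]  # weak suite removed
    return {
        "modern": negotiate(SERVER_PREFS, MODERN),
        "rc4_first_server_order": negotiate(SERVER_PREFS, RC4_FIRST),
        "rc4_first_client_order": negotiate(SERVER_PREFS, RC4_FIRST, False),
        "rc4_only": negotiate(SERVER_PREFS, RC4_ONLY),
        "rc4_only_hardened": negotiate(hardened, RC4_ONLY),
    }

if __name__ == "__main__":
    for case, suite in demo().items():
        print(f"{case:24} -> {suite}")
```

With server ordering honoured, a client that also supports a stronger suite never lands on the trailing weak one; a client that offers only the weak suite still gets it unless the server list drops it entirely.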