Newsgroups: php.internals
Date: Fri, 22 Jun 2018 13:45:32 +0100
From: bukka@php.net (Jakub Zelenka)
To: PHP internals list
Subject: OpenSSL min and max proto version options

Hi,

I just created a PR [1] to add two new options for ssl/tls streams:

- min_proto_version
- max_proto_version

that can be set to one of the new constants:

- STREAM_CRYPTO_PROTO_SSLv3
- STREAM_CRYPTO_PROTO_TLSv1_0
- STREAM_CRYPTO_PROTO_TLSv1_1
- STREAM_CRYPTO_PROTO_TLSv1_2

It is basically a range setting which is kind of based on the new OpenSSL way to set protocol versions [2]. The main purpose is to have a better alternative to crypto_method that disallows protocol holes in a more obvious way. In addition, the crypto_method is changed to prevent protocol holes and fills missing protocol automatically. More info in the PR.

The PR is also a pre-step for TLS 1.3 support as it cleans up the protocol version selection and removes some deprecated bits when using OpenSSL 1.1.

If there are no objections, I would like to merge it sometime next week!

[1] https://github.com/php/php-src/pull/3317
[2] https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_min_proto_version.html

Thanks

Jakub
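
The following is an added example, not code from the message or from the PR: it shows what a "protocol hole" in a crypto_method bitmask looks like and how the same intent reads as a min/max range. The helper name protoRangeFromCryptoMethod and the sample mask are hypothetical, and the STREAM_CRYPTO_PROTO_* constants assume a PHP build that includes the proposed change.

```php
<?php
declare(strict_types=1);

// Oldest to newest: [legacy crypto_method client flag, range constant, label].
// The STREAM_CRYPTO_PROTO_* constants are the ones named in the message and
// need a PHP build that includes the proposed change.
const PROTO_LADDER = [
    [STREAM_CRYPTO_METHOD_SSLv3_CLIENT,   STREAM_CRYPTO_PROTO_SSLv3,   'SSLv3'],
    [STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT, STREAM_CRYPTO_PROTO_TLSv1_0, 'TLSv1.0'],
    [STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT, STREAM_CRYPTO_PROTO_TLSv1_1, 'TLSv1.1'],
    [STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, STREAM_CRYPTO_PROTO_TLSv1_2, 'TLSv1.2'],
];

/**
 * Hypothetical helper: turn a crypto_method client bitmask into a contiguous
 * min/max range and list the versions the mask skipped inside that range.
 */
function protoRangeFromCryptoMethod(int $mask): array
{
    $on = [];
    foreach (PROTO_LADDER as $i => [$flag]) {
        if (($mask & $flag) === $flag) {
            $on[] = $i;
        }
    }
    if ($on === []) {
        throw new InvalidArgumentException('no known protocol flag in mask');
    }
    $min = min($on);
    $max = max($on);
    $holes = [];
    for ($i = $min; $i <= $max; $i++) {
        if (!in_array($i, $on, true)) {
            $holes[] = PROTO_LADDER[$i][2];
        }
    }
    return ['min' => PROTO_LADDER[$min][1], 'max' => PROTO_LADDER[$max][1], 'holes' => $holes];
}

// Constructed input: TLS 1.0 and TLS 1.2 enabled, TLS 1.1 left out.
$legacy = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$range  = protoRangeFromCryptoMethod($legacy);
printf("holes in legacy mask: %s\n", implode(', ', $range['holes']) ?: 'none');

// The same intent expressed as a range, which cannot contain a hole.
$context = stream_context_create(['ssl' => [
    'min_proto_version' => $range['min'],
    'max_proto_version' => $range['max'],
]]);
var_dump(stream_context_get_options($context)['ssl']);
```

The range derived from a legacy mask keeps that mask's lowest version as the floor, so review the resulting min_proto_version before reusing it.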