Newsgroups: php.internals,php.internals.win Path: news.php.net Xref: news.php.net php.internals:119305 php.internals.win:1263 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 40747 invoked from network); 18 Jan 2023 12:20:46 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 18 Jan 2023 12:20:46 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id D854A180511; Wed, 18 Jan 2023 04:20:43 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_20,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS8560 212.227.0.0/16 X-Spam-Virus: No X-Envelope-From: Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS; Wed, 18 Jan 2023 04:20:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1674044442; bh=Qx7fE4Cca51t17+joksM/P0zgX8qfzPFLJ2my/m6XMU=; h=X-UI-Sender-Class:Date:To:From:Subject; b=OQCER7wIx59YMguVOQACZcbVKlWldWxXnovnkJK3aprrlj/QOTfTR1k8fo16Vljj1 fadlyrI8ICrfyNuCxB8PZ8EAN372H9wI45atXQnhtkdymtfCvLFTilDrKqHcctn5pl Lz96zqC8lT9P4m1K0dGDpLAQXzStDgRNSoM5+zg65G+l/Rz4GxcmOchew315dqnOqH SOQ2C5p6R6Mnd7rZr/3G6V2s6XioBzKOHxm3YlY2aAo620CR1cdLhWKGanp6ax4lGe QzjGghiZu4hV3TrjYT+fSHMp6UlARHDv+IjsBPoojkBYjO7Pbir/N4S193iJGJ1TGZ iCxcLkT0xdLsg== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from [192.168.2.130] ([79.220.87.202]) by mail.gmx.net (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MpUYu-1ox4QY01Nc-00pswW; Wed, 18 Jan 2023 13:20:42 +0100 Message-ID: <989f473a-010b-5a2b-017c-f8fb00467c14@gmx.de> Date: Wed, 18 Jan 2023 13:20:41 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 To: PHP internals , internals-win Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:xP8Vn3xw/BOv+H8uniaPiG39hmtIzbLqKAC+LcoXibSu1ku6YJU qIWkrcvP0EQB9erw23dp38deTQAXVmNrgoSgNbQN7FHcmbUGgVUZO0stTQ0isa9nAfDS5in OV32xvQl/Yrr7gDpThoo5FlcIV9LopaCnytKq7cwojH5hxAn4BZj5ROtxSI3j3a+KmFZLSQ PXfcGQhkHmUhVy2YqDsFw== UI-OutboundReport: notjunk:1;M01:P0:mlUvqoGsuAc=;yd903X5y9W0CJ2n61QabJyQI9gD q6U9aUFgiqY0fTXm/1lk4Aol893bUhaT2sPEaFbuKcsGXxd36Csz6hy+Q4bRQORSW0B1JX8jM wSxMGUQjFHaZeAcorndZKuhP24HCsL9PfQWax7CrDg4EtBLZvJReZ0OK2Qg/F6NL2TMjXIDLx NwHTJ/VZAY3Q8slHF32CmfOn3PV5glKVpdPnIC4c43MlHjO4Q2+lqkz7ep+6ENdwmyJ3rAvff +MMzR280z/4siQQfVAaE12vKhGYV1THDfbvJ2TAvh0h+Gwsz9521pGfGM8ovpY6WVwvYlMRsr 6GZI874Zo9xKLBBx+LEqBj1SUABwk2dbt4ehJcTwMtoCB3NG3Zke+rXpCHwjbL7VsfxlwPgrH tInrbpjvQjMVyWuIibGsV228sBekbtTmfSxQKlwtj1uN4Hz/HKPY+iS9KxektMicAzIxb6Tyq MU58VfdHBa2/uPDkN7tP7Y2tXSAhaRhdBZwo82zcPD/J4mXK9K8p/2lH8yGWbFFt4IKz3ZIA3 oddqExbwOJJVOGgRuibP2xTd3Vz48Nzawjg0VuZ9mAe9HMmzyiqNo/v5rAldAwVTZ9G/pR7K/ dCF5HJheeOBoOP81wpzn73l7K5et9VkZWN8AdO1rgEh+gScEsdSaGHyxXB5NbvVqIpjIxb5sO lbu5KwWVzBKmXXj8rcdCIiAWo2gmcgjPnclGnSpIiez9JoBoZVwTdW9vtXDzU5Kgh8QwhxaWz BBwmLiElSsys8UNL86mwS8G6/c4MtQxMciZxuWCPir9X4PqRWwcg723+KwhAt4bVOvxQYSrKp uaf+EKefdi8391n6AeFtSRSsLwbOitB9Hu4l0q+EGdeaRs9tFW0oSu6LBKuM2Ah5nYwEz2BzH OBXaUHupdlejGWq1ePgH6mcQKqKc7/1ISJ8gAykJ5tHTBEYEB0VpuOg5U89xfT9l4LRvG8X14 xvGO3e3Tcy5B6axt+5Cbp6VrTWo= Subject: PHP 8.1 and OpenSSL From: cmbecker69@gmx.de ("Christoph M. Becker") Hi all! While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP 8.1 builds are still using OpenSSL 1.1.1. However, OpenSSL 1.1.1 is only supported till 2023-09-11[1], while PHP 8.1 is supported till 2024-11-25[2]. Although I don't like bumping the OpenSSL version in the middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling behind security support. And if we do that bump, we better do it sooner than later. So, if there are no unforeseen problems, I suggest to build PHP 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with OpenSSL 1.1.1). Thoughts? Objections? [1] [2] =2D- Christoph M. Becker