Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:119307 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 47344 invoked from network); 18 Jan 2023 13:40:40 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 18 Jan 2023 13:40:40 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id BA8BC180548; Wed, 18 Jan 2023 05:40:37 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS; Wed, 18 Jan 2023 05:40:37 -0800 (PST) Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-4c131bede4bso467495497b3.5; Wed, 18 Jan 2023 05:40:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=L7gRMIkPrEY08CsofasbYVVpWpQa3mLzkxCsSbnrkAc=; b=HoQtTBczT8ZMxCQ7cDs3f51USB8dT7F93PMMmhi+rZ1pczAWxR79wjLk2z0e3fJ1Oj gcQ3w9vsfBYbNJYQrQbUisXFynO5ma6heivwgpAeRhMvIwhr7p69ZDKvOwPASev9vuNt ATXJTeQtJi6YSIs/CGMlYiOKOs5RCXBc94mfhKQRIKNGwg03hdHjgO8z37iGf/3W2Fvt MSVQbzHOv4n0X/N6h8Tuf+7ckir5mtTuQRDVN47vASK+TAxJxPquTiW7pJ0qbBUQmCAI youe+qQZ85O4BFExuf70QLuyoQ4mrHWGQI5cgSJ/xLO8MFX8W8gxgjv+zHc0CTjX/pv3 VPpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L7gRMIkPrEY08CsofasbYVVpWpQa3mLzkxCsSbnrkAc=; b=auu+msi7VHf6d8iwD75CPNFIzuoWqqCA0z7OG5aKEziYmkshnv711rbELhMqvfU5St dm/WiyMYCB5MgFSgXgOC4b6axmHrjD4I5C6dnLpPYIqKpTEnIcQJ5s3YRpXzoiGOcxWU w/x4iqxOXLK/uKBrp65To/h6xgdXmM2vePSIg8tjXlc/5Bz8mb6Q1wbybjyuSdhmyyhl zhVYe7d4nKAZLmkJoobD0Q8xTjzh8+IMkP1J5hX/YN3/850SOZHhTNkZ7xfTjMmNyqHw QgaPCzJUaDOSub8959l5aqfhiouLqxWiQ01rCvc1ONm+qO0DM7W75rvZ1uzP4XYUZzwx NEvA== X-Gm-Message-State: AFqh2kqkgqbB4tIO3hRHkglylHK7QZp8oF+j6usQd3cxBmd3N40X0Mr5 PwOUROZLPHQo/gzeu5W8lIXQplGLkdNOKon0ZJ/kbkCC+nw= X-Google-Smtp-Source: AMrXdXs6qCfmTNFCzgx+Ql7PL3Hw7/lMGB4gCAcW5ugBT1/n3E1tJQG5SLrObGCyqKmSHzyDrjcvJjMwYeCzZ1emulQ= X-Received: by 2002:a81:746:0:b0:4ee:3139:89e0 with SMTP id 67-20020a810746000000b004ee313989e0mr810035ywh.419.1674049236590; Wed, 18 Jan 2023 05:40:36 -0800 (PST) MIME-Version: 1.0 References: <989f473a-010b-5a2b-017c-f8fb00467c14@gmx.de> In-Reply-To: <989f473a-010b-5a2b-017c-f8fb00467c14@gmx.de> Date: Wed, 18 Jan 2023 14:39:59 +0100 Message-ID: To: "Christoph M. Becker" Cc: PHP internals , internals-win Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] PHP 8.1 and OpenSSL From: divinity76@gmail.com (Hans Henrik Bergan) +1, we don't want to bundle and maintain and monkey-patch 1.1.1 ourselves for 14.4 months, which I guess would be the alternative. On Wed, 18 Jan 2023 at 13:20, Christoph M. Becker wrote: > > Hi all! > > While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP > 8.1 builds are still using OpenSSL 1.1.1. However, OpenSSL 1.1.1 is > only supported till 2023-09-11[1], while PHP 8.1 is supported till > 2024-11-25[2]. Although I don't like bumping the OpenSSL version in the > middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling > behind security support. And if we do that bump, we better do it sooner > than later. > > So, if there are no unforeseen problems, I suggest to build PHP > 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with > OpenSSL 1.1.1). > > Thoughts? Objections? > > [1] > [2] > > -- > Christoph M. Becker > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php >