Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:125910 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id D07761A00BD for ; Tue, 5 Nov 2024 16:44:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1730825245; bh=Nx3szuYcW91/Yivys4w2P98cSNirZKnyoCRUF3h67J8=; h=References:In-Reply-To:Reply-To:From:Date:Subject:To:From; b=g4dIyQ0lofC5HauzokUdzfuEqzsCDDJGEY9Vkglp9w0z3KqY2fawoeTLCaKwmqHLb tWg104+33xFTuRdJ7itgBhE1hQgV1Lmq+QjslZplMl13x4HoTW9qmCxq+gViUR6vB2 6vPnEmknqX6SrCsln21nKI+lf/HnHjHRPesRZ8HlSTYKau46vBBj5sABF8R/0aQFAL LXkG2dQN31y4vfh/WvKJuVJFHAyJhJjTwnVmD/6GG8IOhywUj8AF2hX/6iiEDP962f jZLUAooap254JqKqYpzaI/U0mirfTe5B7gijEXmHFxYemFsK+93AX2JngeBYnSkxzW NvEW4agHoZWXw== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id AFD5D18007D for ; Tue, 5 Nov 2024 16:47:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: * X-Spam-Status: No, score=1.6 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM, FREEMAIL_REPLYTO,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from mail-il1-f177.google.com (mail-il1-f177.google.com [209.85.166.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 5 Nov 2024 16:47:24 +0000 (UTC) Received: by mail-il1-f177.google.com with SMTP id e9e14a558f8ab-3a3b4663e40so19418255ab.2 for ; Tue, 05 Nov 2024 08:44:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730825092; x=1731429892; darn=lists.php.net; h=content-transfer-encoding:to:subject:message-id:date:from:reply-to :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Nx3szuYcW91/Yivys4w2P98cSNirZKnyoCRUF3h67J8=; b=GX2NCU5QVbVQzYXAetQqkvQ4NHqJKpwRAo+PvwMKIxz29Kt8SLtlmO9ypycUe7PnFG gbaHwn1mVFyTi7jsYhbz+PfZnbLTTRzZdWU43hMAwK02olwQ1gY1jCgmJyph6FaRhyT+ amx/Ep/tL1DLTHcbI5cixlE0lDvrxwaOsAip85d9DUWsVhUcLpZOs4HziJ1o7fWUxSUx ZcoC8c4zjEd7/erHTtTlqqGtjliKNOfCBUN8shIF0LXDLhgLKHiWjEcal7UDIvWRY7/3 3vXbRtgZX43e6fFFDHh7m3c+lWCyMga7LYTlA1dv61RxthQ7pMpoNnscA2WG/b4Dv5sk W8Zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730825092; x=1731429892; h=content-transfer-encoding:to:subject:message-id:date:from:reply-to :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nx3szuYcW91/Yivys4w2P98cSNirZKnyoCRUF3h67J8=; b=pQvePrf8XosRGPRMKID5Vh2e3jXVGuXOYOefzk9HXUaHdzzn+1jKAq1oVeDmhTEgDg ZSp97hfAr8GoNnn/ICR3GSA4B2hManq3LYqgF26grSvr32y82zlVP6LNZ/M07EPCBQD+ 308nkibjadqstOCXryyHWF2Lpe9+jU654+nipCv96KwhuggxQng76FvWFWoWc5r/35Eg cWczcB8LNNoiaEu1m0O5R4wnQrIGZoR1JNnSwUIjpVDFVJNMUKh+k2ZdfRbybyy0zdJd SqqbpB+bBTJoGIhZtEAOvr579CHLeeot/txUT4C5a6JIEK7YraAG3d7cpCODj2Nn6GZj 6+9Q== X-Gm-Message-State: AOJu0Ywzl2SWSHEqoxxrIdFmifUJ5bS8m4AxU8oD/azbvVSHZ6mFlsZG wPJrn6ghHsHgBWjec2X91pLxt49vNOwGio4Q6NB5lAptVk4VmGrXSU258vcE5QpjftqBt/TD2Ub VXpSz26+UyyEqynQhFhSCLzhpZ7l3ND+P X-Google-Smtp-Source: AGHT+IGLo6vE8INi/I8ReM+QciBdEjBYo/CyUTyJYmhsdEJBn5oV/CgsVi1p+yk9XMLgmMUsJF2s+LkuKoDbe5FNUJU= X-Received: by 2002:a05:6e02:1a8c:b0:39d:2939:3076 with SMTP id e9e14a558f8ab-3a6b0394ec1mr148189175ab.25.1730825091970; Tue, 05 Nov 2024 08:44:51 -0800 (PST) Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 References: <6e533102b9a2e9c8f6a2183440b2601a@bastelstu.be> <9dd47a928fd4dc673a137c6433cd3130@bastelstu.be> In-Reply-To: <9dd47a928fd4dc673a137c6433cd3130@bastelstu.be> Reply-To: erictnorris@gmail.com Date: Tue, 5 Nov 2024 11:44:36 -0500 Message-ID: Subject: Re: [PHP-DEV] [VOTE] Add persistent curl share handles To: PHP internals Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable From: eric.t.norris@gmail.com (Eric Norris) > > Here's a pull request indicating that the curl team considers TLS > > reuse safe: https://github.com/curl/curl/pull/1917. I believe they > > consider it a vulnerability if you are able to make curl incorrectly > > reuse a TLS session with differing TLS settings. > > Thank you. That would be useful to include in the =E2=80=9CReferences=E2= =80=9D section > of the RFC. Changing that one even during the vote seems legal to me, > because it does not change the actual proposal. I've added a reference and a 'Safety' subheading to explicitly call out your concern with CURL_LOCK_DATA_COOKIE, and to note that CURL_LOCK_DATA_CONNECT is safe per that pull request. As you noted, I have not changed the actual proposal, so I hope that this is okay. Thanks, Eric