Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:70690
Return-Path: <rdlowrey@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 51561 invoked from network); 17 Dec 2013 01:09:34 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Dec 2013 01:09:34 -0000
Authentication-Results: pb1.pair.com smtp.mail=rdlowrey@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rdlowrey@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.223.178 as permitted sender)
X-PHP-List-Original-Sender: rdlowrey@gmail.com
X-Host-Fingerprint: 209.85.223.178 mail-ie0-f178.google.com  
Received: from [209.85.223.178] ([209.85.223.178:52473] helo=mail-ie0-f178.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id AB/75-32483-E44AFA25 for <internals@lists.php.net>; Mon, 16 Dec 2013 20:09:34 -0500
Received: by mail-ie0-f178.google.com with SMTP id lx4so7659066iec.9
        for <internals@lists.php.net>; Mon, 16 Dec 2013 17:09:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=yFHPwTQrCysxuJJRHDpxy07+SmTNUft+YkMCjz2bYdA=;
        b=mQ2rAl6r2nukCoo7HHsmo5p0nzQ/CNUZWRHO5Rj0+xFGPEbXHgu/q75blC30rvqKI7
         OSq2KAPBGn7UzH5lOG4LL7Li2Mjo95EJgO0wOUSAzSR0cDb9JxEHGaZOZd1PFQLrGWAV
         kIW5TT1jklKCg3lVYG2vja/tzcR/Lf0/P17eYIOs5soOZc1zdQDDgPwtoHwENGKy5Osv
         TrccPWkqp8H3qxq98yWpnVM3bzh3c3/Kusp3R3aNLFOqHuVGSw5yj3f89H4/ybm3A6vQ
         R785O+KVjCSXVCg9KH7wzsfU/ykAznMERF/3MoQl0Yj77erhj4QBH4sHTLJ8XlrlrF9C
         frrA==
MIME-Version: 1.0
X-Received: by 10.43.161.2 with SMTP id me2mr14691876icc.20.1387242571697;
 Mon, 16 Dec 2013 17:09:31 -0800 (PST)
Received: by 10.50.208.105 with HTTP; Mon, 16 Dec 2013 17:09:31 -0800 (PST)
Date: Mon, 16 Dec 2013 20:09:31 -0500
Message-ID: <CAH8MpnkqyjUYaSEcqvLFgJ4R6eJLfrT+yYk9hZ6ZeXWsKiMMzg@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a11c2fa92b4151604edb09477
Subject: Other openssl things
From: rdlowrey@gmail.com (Daniel Lowrey)

--001a11c2fa92b4151604edb09477
Content-Type: text/plain; charset=ISO-8859-1

In addition to the RFC for TLS peer verification here's a heads up for
those interested in some of the recent updates to ext/openssl ... we've had
some quality improvements in the area of TLS encryption and Michael (@m6w6)
has been really helpful getting these PRs merged. I'd have to check to see
what's in 5.5 and what is slated for 5.6 but ...


Peer cert fingerprint comparisons are *really* easy now (insert NSA joke
here):
https://github.com/php/php-src/commit/edd93f34520b550c4c42877fe9e03112cad005ba

Added support for building against OpenSSLv1.0.1 (required for TLS > v1.0):
https://github.com/php/php-src/commit/b026993a74f452c5f6a689124b4ad4d7b3ac2491

Added support for TLSv1.1 and TLSv1.2:
https://github.com/php/php-src/commit/2ddefbd2b3027882490eb997fc7bc13185a67207

Streams may now specify the crypto method (SSLv2, SSLv3, TLS1.0, etc) as a
context option:
https://github.com/php/php-src/commit/ce2789558a970057539094ca9019d98ff09e831e

Peer verification now utilizes the Subject Alternative Name (SAN) X.509
extension:
https://github.com/php/php-src/commit/1970b964430a357d9c9acf01268849d86a99f4ec

--001a11c2fa92b4151604edb09477--