Newsgroups: php.internals
Date: Thu, 19 Dec 2013 20:29:15 +0100
From: martin@divbyzero.net (Martin Jansen)
To: Adam Harvey
Cc: Daniel Lowrey, "internals@lists.php.net"
Subject: Re: [PHP-DEV] Default https encryption wrapper
Message-ID: <20131219192914.GA721@scalar.divbyzero.net>

On Thu Dec 19, 2013 at 10:10:42AM -0800, Adam Harvey wrote:
> On 19 December 2013 06:39, Daniel Lowrey wrote:
> > To me, this change is a necessary one. Most users should not notice the
> > change as TLSv1.0 is well established and supported by *virtually* all
> > servers. Defaulting to the more secure protocols here would dovetail nicely
> > alongside the other security enhancements in 5.6.
>
> I think we should do it. It will need to be documented clearly, and
> hopefully we can put a good error message on top of this for users who
> do run into problems with SSLv3-only servers, but I think the increase

I agree with that. Part of the reasoning for my change to
stream_context_set_option() that Daniel mentions was to make it
possible to swap the default transport in the future while giving
people a way to go back to the old SSLv23 behaviour if they really
need it.

- Martin