Newsgroups: php.internals
Date: Wed, 29 Jan 2014 14:10:05 -0500
To: "internals@lists.php.net"
Subject: Re: Improved TLS Defaults
From: rdlowrey@gmail.com (Daniel Lowrey)

Hello internals!

I've added a major new section to the Improved TLS Defaults RFC which can be found here:

https://wiki.php.net/rfc/improved-tls-defaults#stream_wrapper_creep

I was initially hesitant to include these changes in the RFC because they have no BC implications. However, upon further contemplation I think the proposed deprecations in the new "Stream Wrapper Creep" section are important to incorporate as part of the larger theme of improving the default level of TLS security in 5.6. In my opinion it's only sensible to apply as many TLS improvements as possible in one release instead of stringing them out across multiples.

I don't yet have a patch publicly available; however, I've implemented all of the proposed changes locally without failures in the existing test suite. The relevant patch will be made available once I'm able to add new tests for the proposed functionality.

As usual, any and all comments are welcome and appreciated.

Cheers!
Daniel