Newsgroups: php.internals
Date: Wed, 29 Jan 2014 22:15:09 -0500
Subject: Re: [PHP-DEV] Re: Improved TLS Defaults
From: rdlowrey@gmail.com (Daniel Lowrey)
To: Pádraic Brady
Cc: "internals@lists.php.net"

On Wed, Jan 29, 2014 at 7:16 PM, Pádraic Brady wrote:

> I think we should hold off on throwing errors until v3 drops to a
> more negligible level. The current supported range on Firefox,
> for example, has a minimum of SSLv3. Yes, this is hardly
> paradise, but so long as we're negotiated from TLS 1.2 down
> (presumably the case at present!) then we should let users
> accept the risk for SSLv3 only sites without kicking up too much
> of a fuss for now.

After thinking about it a bit I think I agree on this front and will strike the recommendations for E_WARNING from the RFC.

However, I do still think it makes sense to issue an E_DEPRECATED on the use of the sslv2:// and sslv3:// stream wrappers in an effort to funnel users into the more generalized ssl:// and tls:// wrappers.

As I mentioned in the updated RFC text I think it makes sense to deprecate the specific wrappers in 5.6 and look to remove them in 5.7 as they're really unnecessary in light of the ability to specify flags for the specific individual protocols you wish to use on a given stream.