Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72476
Return-Path: <smalyshev@sugarcrm.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 28219 invoked from network); 11 Feb 2014 21:16:37 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 11 Feb 2014 21:16:37 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 108.166.43.99 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@sugarcrm.com
X-Host-Fingerprint: 108.166.43.99 smtp99.ord1c.emailsrvr.com Linux 2.6
Received: from [108.166.43.99] ([108.166.43.99:54454] helo=smtp99.ord1c.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BF/CD-62230-2339AF25 for <internals@lists.php.net>; Tue, 11 Feb 2014 16:16:35 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp5.relay.ord1c.emailsrvr.com (SMTP Server) with ESMTP id 161091B04EE;
	Tue, 11 Feb 2014 16:16:32 -0500 (EST)
X-Virus-Scanned: OK
Received: by smtp5.relay.ord1c.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id D44731B04F4;
	Tue, 11 Feb 2014 16:16:29 -0500 (EST)
Message-ID: <52FA932D.5050504@sugarcrm.com>
Date: Tue, 11 Feb 2014 13:16:29 -0800
Organization: SugarCRM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Daniel Lowrey <rdlowrey@gmail.com>, 
 "internals@lists.php.net" <internals@lists.php.net>
References: <CAH8Mpn=dhpKEM_fU=zq0JRx9G0mrD_E6duAu=Sz-6++Qt-TO_g@mail.gmail.com>
In-Reply-To: <CAH8Mpn=dhpKEM_fU=zq0JRx9G0mrD_E6duAu=Sz-6++Qt-TO_g@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [VOTE] Improved TLS Defaults RFC
From: smalyshev@sugarcrm.com (Stas Malyshev)

Hi!

> Voting is now open for the Improved TLS Defaults RFC and will run through
> Wednesday Feb. 19:
> 
> https://wiki.php.net/rfc/improved-tls-defaults#vote

A bit of clarification:
- For stream_socket_enable_crypto, what is the default value of
crypto_type parameter that has to be used if I want the default
behavior? Wouldn't it also be good to have a constant that has the
meaning of "every protocol you can possibly support (including TLS
protocols)"?

- What is the motivation for verify_depth default of 3? RFC does not say
anything on it.

- What is the use case for honor_cipher_order? If the client is "bad",
they won't use honor_cipher_order and thus this option doesn't add to
security. If the client is "well-behaved", they would use the correct
set of cyphers. Is this setting meant for PHP servers? Because the
example clearly uses client side.
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227