Newsgroups: php.internals
Date: Tue, 11 Feb 2014 22:18:34 -0500
From: rdlowrey@gmail.com (Daniel Lowrey)
To: "internals@lists.php.net"
Cc: Stas Malyshev, Peter Cowburn, Adam Harvey, Pádraic Brady
Subject: Re: [PHP-DEV] [VOTE] Improved TLS Defaults RFC

Just a quick note to say that the questions from earlier today have been addressed in both the RFC text and the proposed patch:

- The arbitrary default "verify_depth" ssl context option is removed

- The RFC was updated to state explicitly which previously merged 5.6 features are proposed for removal in this proposal

- The tls:// wrapper no longer triggers E_WARNING and works the same as ssl:// with regard to context-specified crypto method flags. The only difference between tls:// and ssl:// is that the tls wrapper will not negotiate SSLv2 or SSLv3 unless instructed to do so in the "crypto_method" context option.

- Added STREAM_CRYPTO_CLIENT and STREAM_CRYPTO_SERVER constants to denote "any supported protocol."

These changes are largely cosmetic and do not affect the spirit of the RFC. However, if you feel they may influence any votes previously cast, please voice your concerns so I can address them :)

Thanks to Stas, Peter and Adam specifically for their questions today. Also, special thanks to Pádraic for his feedback over the past couple of weeks.

- Daniel