Newsgroups: php.internals
Date: Sun, 27 Nov 2016 13:06:31 +0000
Subject: Re: [PHP-DEV] [RFC] Distrust SHA-1 Certificates
From: bukka@php.net (Jakub Zelenka)
To: Niklas Keller
Cc: PHP Internals

On Sat, Nov 26, 2016 at 3:49 PM, Niklas Keller wrote:

> Morning Internals,
>
> I plan to distrust SHA-1 certificates by default in PHP 7.2. All major
> browsers will no longer trust SHA-1 certificates starting already
> 2017-01-01.
>
> Unfortunately, PHP doesn't even provide a way yet to limit the accepted
> algorithms for certificates. The RFC fixes that and introduces new defaults
> for PHP 7.2. The "signature_algorithms" context option will also be
> backported to PHP 5.6, which is only supported until the end of 2016 with
> regular releases, but after that there will be two more years of
> security-only updates. Therefore I'd like to get this done before the end
> of 2016.
>
> Currently the RFC aims for BC and doesn't restrict the algorithms on older
> versions. As all major browsers start distrusting those certificates on
> 2017-01-01 I'm not sure whether that's the correct choice. I'd like to go
> secure-by-default there and disable SHA-1 also on older versions. People
> who really need longer can always opt-out and add the needed algorithms
> again. Unfortunately, we didn't announce any plans regarding SHA-1 yet, so
> this might be a bit last-minute.
>
> You can read the full RFC in the wiki:
> https://wiki.php.net/rfc/distrust-sha1-certificates
>
>

I think you should change the format to match the one supported by OpenSSL
[1], which is also simpler.

In general I'm not a big fan of such defaults, especially when new values can
be added later (e.g. EdDSA that is specified in TLS 1.3), so we have to keep
it up to date, which was kind of an issue in the past. However, I see the
point that we should make it easier for users to have it secure by default,
so it's probably a good choice. It's not actually just about SHA

I'm not so sure about 5.6 as we are very close to the end of active support
and if this introduces any bug, we won't be able to fix it. It would also be
a motivation for some users to update to 7.

[1] https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html
[2]

Cheers

Jakub
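
The OpenSSL format referenced in [1] is a colon-separated list of key-algorithm and digest pairs joined by "+", for example RSA+SHA256:ECDSA+SHA256. The following is an added example, not part of the original message or of the RFC: a stand-alone C check that such a list is well-formed and names no SHA-1 pair. The function name, result codes and sample lists are assumptions of this example, and it handles only the "algorithm+digest" form.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Result codes of this example checker (names are hypothetical). */
enum { SIGALGS_OK = 0, SIGALGS_MALFORMED = -1, SIGALGS_HAS_SHA1 = -2 };

/* Check a colon-separated "KEYALG+DIGEST" list such as
 * "RSA+SHA256:ECDSA+SHA256". A malformed entry fails the whole list;
 * otherwise any entry whose digest is SHA1 is reported. */
int check_sigalgs_list(const char *list)
{
    int result = SIGALGS_OK;
    const char *p = list;

    if (list == NULL || *list == '\0')
        return SIGALGS_MALFORMED;

    for (;;) {
        char entry[64];
        size_t len = strcspn(p, ":");
        char *plus;

        if (len == 0 || len >= sizeof(entry))   /* empty or oversized entry */
            return SIGALGS_MALFORMED;
        memcpy(entry, p, len);
        entry[len] = '\0';

        plus = strchr(entry, '+');              /* exactly one '+', both sides non-empty */
        if (plus == NULL || plus == entry || plus[1] == '\0' || strchr(plus + 1, '+'))
            return SIGALGS_MALFORMED;

        /* Case-insensitive on purpose: a conservative choice of this example. */
        if (strcasecmp(plus + 1, "SHA1") == 0)
            result = SIGALGS_HAS_SHA1;

        if (p[len] == '\0')
            return result;
        p += len + 1;
    }
}

int main(void)
{
    /* Constructed sample lists, not taken from the RFC. */
    const char *samples[] = { "RSA+SHA256:ECDSA+SHA256", "RSA+SHA256:RSA+sha1", "RSA+SHA256:" };
    for (size_t i = 0; i < 3; i++)
        printf("%-26s -> %d\n", samples[i], check_sigalgs_list(samples[i]));
    return 0;
}
```

A list that passes this check can be handed to SSL_CTX_set1_sigalgs_list() unchanged, which is the practical benefit of reusing the OpenSSL format instead of defining a new one.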