Newsgroups: php.internals
Subject: Re: [PHP-DEV] [RFC] Distrust SHA-1 Certificates
From: me@kelunik.com (Niklas Keller)
To: Jakub Zelenka
Cc: PHP Internals
Date: Sun, 27 Nov 2016 21:28:52 +0100

>> Well, it depends on whether it requires a feature available only in the later
>> version of OpenSSL, which would be the case for the currently proposed version
>> of the RFC that would make use of the SSL_CTX_set1_sigalgs_list macro. I don't
>> think that we should parse the string of allowed sig algs and re-implement
>> it for OpenSSL versions that are EOL anyway. It's not something unusual to
>> have a feature dependent on the library version. For example, we did exactly
>> the same for openssl_pbkdf2, which worked only if it was compiled with
>> OpenSSL 1.0.0+. So if you had PHP 7.0 and OpenSSL 0.9.8, it wasn't
>> available.

Having a feature not available is different from having a security issue if you're using the wrong OpenSSL version.

> I have been thinking about the defaults and I don't think we should have
> any default value for this. Instead we should concentrate on supporting
> security levels [1]. That will give a much better way to define the
> number of bits of security. For example, if we have selected level 2 to get 112
> bits of security, then the SHA-1 sig algs would be automatically disabled
> as it offers only 80 bits of security. It would also disable all other
> weaker algs, so users couldn't, for example, use RSA keys shorter than 2048
> bits. That's a much better and easier way for users to define the security, as
> they would just need to set a number (from 0 to 5 atm). I'm aware that
> this is supported only by OpenSSL 1.1, but I wouldn't see that as an issue.
> At the time PHP 7.2 is out, there will be much bigger usage of OpenSSL
> 1.1, and the users on lower versions could still disable it manually.

I've seen that, too. I've been confused by SHA-1 being mentioned at level 4, but I missed that it's only talking about the MAC mechanism there. I guess this is the better alternative, but in any case, we have to fix 5.6+ to remove MD5 support, I think.

Regards,
Niklas

> [1] https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_security_level.html
>
> Cheers
>
> Jakub
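To make the level semantics from the thread concrete, here is an added example (not part of this message and not PHP's own code) that probes a TLS endpoint under a chosen OpenSSL security level using the `security_level` SSL context option PHP 7.2 later shipped for OpenSSL 1.1.0+; the host name and port are sample values. At level 2 (112-bit floor) the handshake fails against a chain signed with SHA-1 or using an RSA key shorter than 2048 bits, while level 0 accepts it, so running both levels against the same host shows what the floor enforces.

```php
<?php
// Added example: connect with a given OpenSSL security level and report the
// negotiated parameters plus the leaf certificate's signature algorithm.
// Requires PHP >= 7.2 and OpenSSL >= 1.1.0 (the `security_level` option).

function probeTls(string $host, int $port, int $securityLevel): array
{
    $ctx = stream_context_create(['ssl' => [
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'peer_name'         => $host,
        'SNI_enabled'       => true,
        'capture_peer_cert' => true,
        // 2 => 112-bit floor: SHA-1 signatures and RSA < 2048 are rejected.
        'security_level'    => $securityLevel,
    ]]);

    error_clear_last();
    $stream = @stream_socket_client(
        "ssl://{$host}:{$port}", $errno, $errstr, 10,
        STREAM_CLIENT_CONNECT, $ctx
    );

    if ($stream === false) {
        // On a handshake failure errstr is often empty; the OpenSSL detail is
        // in the suppressed warning, so surface that instead.
        $last = error_get_last();
        return ['ok' => false, 'error' => $last['message'] ?? ($errstr ?: "errno {$errno}")];
    }

    $meta   = stream_get_meta_data($stream);
    $params = stream_context_get_params($stream);
    $leaf   = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
    fclose($stream);

    return [
        'ok'          => true,
        'protocol'    => $meta['crypto']['protocol'] ?? null,
        'cipher'      => $meta['crypto']['cipher_name'] ?? null,
        'leaf_sigalg' => $leaf['signatureTypeSN'] ?? null, // e.g. "RSA-SHA256"
    ];
}

// Sample host/port (assumed values); compare the permissive and the 112-bit level.
foreach ([0, 2] as $level) {
    $result = probeTls('example.com', 443, $level);
    echo "security_level={$level}: ", json_encode($result), PHP_EOL;
}
```

A `leaf_sigalg` of `RSA-SHA1` that succeeds only at level 0 is exactly the chain the RFC wants PHP to stop trusting by default.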