Newsgroups: php.internals
Xref: news.php.net php.internals:99226
From: nikita.ppv@gmail.com (Nikita Popov)
Date: Mon, 29 May 2017 12:56:45 +0200
Subject: Re: [PHP-DEV] [RFC][VOTE] Improved SSL / TLS constants
To: Niklas Keller
Cc: PHP Internals

On Mon, May 29, 2017 at 9:48 AM, Niklas Keller wrote:

> Morning,
>
> I hereby open the vote on the "Improved SSL / TLS constants" RFC.
>
> This RFC proposes to change PHP's TLS constants to sane values. This change
> has been avoided by the previous RFC for PHP 5.6 due to BC reasons. This
> RFC favors better security instead of backwards compatibility with version
> intolerant and out of date servers.
>
> You can find the full RFC here:
> https://wiki.php.net/rfc/improved-tls-constants
>
> Regards, Niklas
>

I'd really prefer if this RFC targeted current patch branches. I see minimal BC impact from the change (issues may only arise when communicating with broken TLS implementations), while *not* making the change is effectively a BC break as more servers stop supporting TLS 1.0. For the lifetime of the 7.0 and 7.1 releases, it appears much more likely to me that there will be more servers not supporting TLS 1.0 than servers supporting only TLS 1.0 *and* having a broken version negotiation implementation.

Nikita