Newsgroups: php.internals
Date: Mon, 29 May 2017 13:05:45 +0200
To: Nikita Popov, Anatol Belski
Cc: PHP Internals
Subject: Re: [PHP-DEV] [RFC][VOTE] Improved SSL / TLS constants
From: me@kelunik.com (Niklas Keller)

2017-05-29 12:56 GMT+02:00 Nikita Popov:

> On Mon, May 29, 2017 at 9:48 AM, Niklas Keller wrote:
>
>> Morning,
>>
>> I hereby open the vote on the "Improved SSL / TLS constants" RFC.
>>
>> This RFC proposes to change PHP's TLS constants to sane values. This change
>> has been avoided by the previous RFC for PHP 5.6 due to BC reasons. This
>> RFC favors better security instead of backwards compatibility with version
>> intolerant and out of date servers.
>>
>> You can find the full RFC here:
>> https://wiki.php.net/rfc/improved-tls-constants
>>
>> Regards, Niklas
>
> I'd really prefer if this RFC targeted current patch branches. I see
> minimal BC impact from the change (issues may only arise when communicating
> with broken TLS implementations), while *not* making the change is
> effectively a BC break as more servers stop supporting TLS 1.0.
>
> For the lifetime of the 7.0 and 7.1 releases, it appears much more likely
> to me that there will be more servers not supporting TLS 1.0 than servers
> supporting only TLS 1.0 *and* having a broken version negotiation
> implementation.

Same here, but Anatol suggested releasing this with PHP 7.2 first and if nobody complains, backport it to PHP 7.1 and 7.0.

Regards, Niklas