Hi,
Sorry to have not detect this problem at RFC time, but the new hardcoded
cipher list, cause some trouble in Fedora.See: https://bugs.php.net/68074
http://fedoraproject.org/wiki/Changes/CryptoPolicy
https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies
https://wiki.php.net/rfc/improved-tls-defaults#default_ciphersAnd the simple patch
https://bugs.php.net/patch-display.php?bug_id=68074&patch=system-ciphers.patch&revision=latest
If no objection, plan to apply this quite soon in 5.6+
This is sensible to me. It gives distros the ability to fine-tune crypto
ciphers in accordance with their own policies and legal requirements. This
has been an issue for RHEL at least in the past with regard to elliptic
curve ciphers. Adding the compile directive would protect users by default
with the new ciphers without causing problems for those adhering to
specific organization/institutional requirements.