Re: Default https encryption wrapper
On Thu Dec 19, 2013 at 10:1042AM -0800, Adam Harvey wrote:
> On 19 December 2013 06:39, Daniel Lowrey <[email protected]> wrote:
> > To me, this change is a necessary one. Most users should not notice the
> > change as TLSv1.0 is well established and supported by *virtually* all
> > servers. Default to the more secure protocols here would dovetail nicely
> > alongside the other security enhancements in 5.6.
>
> I think we should do it. It will need to be documented clearly, and
> hopefully we can put a good error message on top of this for users who
> do run into problems with SSLv3-only servers, but I think the increase
I agree with that. Part of the reasoning for my change to
stream_context_set_option() that Daniel mentions was to make it
possible to swap the default transport in the future while giving
people a way to go back to the old SSLv23 behaviour if they really
need it.
- Martin
Thread (4 messages)