Re: Improved TLS Defaults

From:	Daniel Lowrey	Date:	Wed, 29 Jan 2014 19:10:05 +0000
Subject:	Re: Improved TLS Defaults
Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hello internals!

I've added a major new section to the Improved TLS Defaults RFC which can
be found here:

https://wiki.php.net/rfc/improved-tls-defaults#stream_wrapper_creep

I was initially hesitant to include these changes in the RFC because they
have no BC implications. However, upon further contemplation I think the
proposed deprecations in the new "Stream Wrapper Creep" section are
important to incorporate as part of the larger theme of improving the
default level of TLS security in 5.6. In my opinion it's only sensible to
apply as many TLS improvements as possible in one release instead of
stringing them out across multiples.

I don't yet have a patch publicly available however I've implemented all of
the proposed changes locally without failures in the existing test suite.
The relevant patch will be made available once I'm able to add new tests
for the proposed functionality.

As usual, any and all comments are welcome and appreciated.

Cheers!
Daniel


   

Thread (19 messages)

• Daniel LowreyWed, 29 Jan 2014 16:01:15 +0000
  • Pádraic BradyWed, 29 Jan 2014 16:23:51 +0000
• Daniel LowreyWed, 29 Jan 2014 19:10:05 +0000Re: Improved TLS Defaults
  • Yasuo OhgakiWed, 29 Jan 2014 19:46:08 +0000Re: Re: Improved TLS Defaults
    • Daniel LowreyWed, 29 Jan 2014 19:54:27 +0000
  • Pádraic BradyThu, 30 Jan 2014 00:16:32 +0000Re: Re: Improved TLS Defaults
    • Daniel LowreyThu, 30 Jan 2014 03:15:09 +0000
      • Rouven WeßlingThu, 30 Jan 2014 17:11:54 +0000
        • Daniel LowreyThu, 30 Jan 2014 17:17:23 +0000
          • Yasuo OhgakiFri, 31 Jan 2014 21:47:50 +0000
            • Daniel LowreyFri, 31 Jan 2014 22:08:26 +0000
              • Daniel LowreySat, 01 Feb 2014 17:47:31 +0000
                • Pádraic BradySun, 02 Feb 2014 00:27:55 +0000
                  • Daniel LowreySun, 02 Feb 2014 17:37:54 +0000
• Rouven WeßlingThu, 30 Jan 2014 17:11:54 +0000Re: Improved TLS Defaults
  • Daniel LowreyThu, 30 Jan 2014 17:17:23 +0000
    • Yasuo OhgakiFri, 31 Jan 2014 21:47:50 +0000
      • Daniel LowreyFri, 31 Jan 2014 22:08:26 +0000
        • Daniel LowreySat, 01 Feb 2014 17:47:31 +0000
          • Pádraic BradySun, 02 Feb 2014 00:27:55 +0000
            • Daniel LowreySun, 02 Feb 2014 17:37:54 +0000
• Daniel LowreySun, 02 Feb 2014 17:43:04 +0000Re: Improved TLS Defaults
  • Pádraic BradySun, 02 Feb 2014 19:38:13 +0000Re: Re: Improved TLS Defaults
    • Yasuo OhgakiMon, 03 Feb 2014 01:58:33 +0000
      • Daniel LowreyMon, 03 Feb 2014 20:09:16 +0000
• Daniel LowreyFri, 07 Feb 2014 02:50:35 +0000Re: Improved TLS Defaults