Re: [VOTE] Improved TLS Defaults RFC

Just a quick note to say that the questions from earlier today have been
addressed in both the RFC text and the proposed patch:

- The arbitrary default "verify_depth" ssl context option is removed
- The RFC was updated to state explicitly which previously merged 5.6
features are proposed for removal in this proposal
- The tls:// wrapper no longer triggers E_WARNING and works the same as
ssl:// with regard to context-specified crypto method flags. The only
difference between tls:// and ssl:// is that the tls wrapper will not
negotiate SSLv2 or SSLv3 unless instructed to do so in the "crypto_method"
context option.
- Added STREAM_CRYPTO_CLIENT and STREAM_CRYPTO_SERVER constants to denote
"any supported protocol."

These changes are largely cosmetic and do not affect the spirit of the RFC.
However, if you feel they may influence any votes previously cast, please
voice your concerns so I can address them :)

Thanks to Stas, Peter and Adam specifically for their questions today.
Also, special thanks to Pádraic for his feedback over the past couple of
weeks.

- Daniel