Re: Future TLS roadmap

From: Pádraic Brady Date: Wed, 12 Feb 2014 13:39:48 +0000

Subject: Re: Future TLS roadmap

References: 1 Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

Hi Daniel,

On 12 February 2014 13:22, Daniel Lowrey <[email protected]> wrote:
> FYI, these are things I plan to work on for the post-5.6 timeframe:
>
> - Support for SNI in *servers* (currently only supported by clients)
> - Support for DTLS (datagram client/server encryption)
> - Mitigating the client-initiated renegotiation DoS vector in TLS servers
>
> Most TLS changes could probably pass as "security fixes" and may be
> feasible for 5.6 bugfix releases. The alternative is obviously to put them
> in master and wait for 5.7. In any case we can cross that bridge when we
> get there.

I'd support the renegotiation DOS vector as a current bugfix - it's
been documented for what, 2 years now since a POC was published?

Paddy

--
Pádraic Brady

http://blog.astrumfutura.com
http://www.survivethedeepend.com
Zend Framework Community Review Team
Zend Framework PHP-FIG Representative

Thread (4 messages)

Daniel LowreyWed, 12 Feb 2014 13:22:18 +0000
Pádraic BradyWed, 12 Feb 2014 13:39:48 +0000
Yasuo OhgakiWed, 12 Feb 2014 21:41:43 +0000
Daniel LowreyFri, 21 Feb 2014 21:18:40 +0000

« previous	php.internals (#72519)	next »

From:	Pádraic Brady	Date:	Wed, 12 Feb 2014 13:39:48 +0000
Subject:	Re: Future TLS roadmap
References:	1	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message