To those interested, a patch enabling TLS peer verification by default for
client streams is now available here:

https://wiki.php.net/rfc/tls-peer-verification

Please note that this RFC is limited to client peer verification. I *do*
have other outstanding ext/openssl PRs (atomic, tested) that do not merit
RFC discussion (but are no less important). Each of these PRs addresses
existing TLS security issues without breaking BC:

Honor Cipher Order
https://github.com/php/php-src/pull/493

Client-Initiated Renegotiation DoS
https://github.com/php/php-src/pull/486

TLSv1.1 and TLSv1.2 Support
https://github.com/php/php-src/pull/483


  • Evan Coury at Oct 16, 2013 at 2:30 pm

    On Wed, Oct 16, 2013 at 6:38 AM, Daniel Lowrey wrote:

    To those interested, a patch enabling TLS peer verification by default for
    client streams is now available here:

    https://wiki.php.net/rfc/tls-peer-verification

    I just wanted to say thank you for taking the time to put this RFC and
    pull request together. It makes me happy to see movement in this direction
    — I think it goes without saying how desperately we need improvements and
    consistency in this area. As mentioned in the RFC, having global defaults
    in the ini will be perfect for distribution package maintainers.

    Thanks again,

    --
    Evan Coury

Discussion Overview
group: php-internals
categories: php
posted: Oct 16, '13 at 1:38p
active: Oct 16, '13 at 2:30p
posts: 2
users: 2
website: php.net