Other openssl things

From: Daniel Lowrey Date: Tue, 17 Dec 2013 01:09:31 +0000

Subject: Other openssl things

Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

In addition to the RFC for TLS peer verification here's a heads up for
those interested in some of the recent updates to ext/openssl ... we've had
some quality improvements in the area of TLS encryption and Michael (@m6w6)
has been really helpful getting these PRs merged. I'd have to check to see
what's in 5.5 and what is slated for 5.6 but ...


Peer cert fingerprint comparisons are *really* easy now (insert NSA joke
here):
https://github.com/php/php-src/commit/edd93f34520b550c4c42877fe9e03112cad005ba

Added support for building against OpenSSLv1.0.1 (required for TLS > v1.0):
https://github.com/php/php-src/commit/b026993a74f452c5f6a689124b4ad4d7b3ac2491

Added support for TLSv1.1 and TLSv1.2:
https://github.com/php/php-src/commit/2ddefbd2b3027882490eb997fc7bc13185a67207

Streams may now specify the crypto method (SSLv2, SSLv3, TLS1.0, etc) as a
context option:
https://github.com/php/php-src/commit/ce2789558a970057539094ca9019d98ff09e831e

Peer verification now utilizes the Subject Alternative Name (SAN) X.509
extension:
https://github.com/php/php-src/commit/1970b964430a357d9c9acf01268849d86a99f4ec

Thread (1 message)

Daniel LowreyTue, 17 Dec 2013 01:09:31 +0000

« previous	php.internals (#70690)	next »

From:	Daniel Lowrey	Date:	Tue, 17 Dec 2013 01:09:31 +0000
Subject:	Other openssl things
Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message