Re: [VOTE] Improved TLS Defaults RFC
Hi!
> Voting is now open for the Improved TLS Defaults RFC and will run through
> Wednesday Feb. 19:
>
> https://wiki.php.net/rfc/improved-tls-defaults#vote
A bit of clarification:
- For stream_socket_enable_crypto, what is the default value of
crypto_type parameter that has to be used if I want the default
behavior? Wouldn't it also be good to have a constant that has the
meaning of "every protocol you can possibly support (including TLS
protocols)"?
- What is the motivation for the verify_depth default of 3? The RFC does
not say anything on it.
- What is the use case for honor_cipher_order? If the client is "bad",
they won't use honor_cipher_order and thus this option doesn't add to
security. If the client is "well-behaved", they would use the correct
set of cyphers. Is this setting meant for PHP servers? Because the
example clearly uses client side.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227