Re: Future TLS roadmap

From: Yasuo Ohgaki Date: Wed, 12 Feb 2014 21:41:43 +0000

Subject: Re: Future TLS roadmap

References: 1 2 Groups: php.internals

Request: Send a blank email to internals+get-72528@lists.php.net to get a copy of this message

Hi all,

On Wed, Feb 12, 2014 at 10:39 PM, Pádraic Brady <padraic.brady@gmail.com>wrote:

> On 12 February 2014 13:22, Daniel Lowrey <rdlowrey@gmail.com> wrote:
> > FYI, these are things I plan to work on for the post-5.6 timeframe:
> >
> > - Support for SNI in *servers* (currently only supported by clients)
> > - Support for DTLS (datagram client/server encryption)
> > - Mitigating the client-initiated renegotiation DoS vector in TLS servers
> >
> > Most TLS changes could probably pass as "security fixes" and may be
> > feasible for 5.6 bugfix releases. The alternative is obviously to put
> them
> > in master and wait for 5.7. In any case we can cross that bridge when we
> > get there.
>
> I'd support the renegotiation DOS vector as a current bugfix - it's
> been documented for what, 2 years now since a POC was published?


I'm getting used to delayed security fixes...
+1 for fix it ASAP.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

Thread (4 messages)

Daniel LowreyWed, 12 Feb 2014 13:22:18 +0000
Pádraic BradyWed, 12 Feb 2014 13:39:48 +0000
Yasuo OhgakiWed, 12 Feb 2014 21:41:43 +0000
Daniel LowreyFri, 21 Feb 2014 21:18:40 +0000

« previous	php.internals (#72528)	next »

From:	Yasuo Ohgaki	Date:	Wed, 12 Feb 2014 21:41:43 +0000
Subject:	Re: Future TLS roadmap
References:	1 2	Groups:	php.internals
Request:	Send a blank email to internals+get-72528@lists.php.net to get a copy of this message