TLS 1.3 support - patch v3 #3909

Merged
merged 3 commits into from
Apr 28, 2019

bukka
Member

@bukka bukka commented Mar 3, 2019

This is an updated version of the PR #3700 - patch v2. It fixes logic and tests.

I plan to add it to the default as well but it needs extra tests. It's not ready for merging yet but creating a PR to see the CI result.

@bukka bukka force-pushed the openssl_tls_13 branch 2 times, most recently from d9a7f2e to c658218 Compare March 10, 2019 17:13
@bukka
Member Author

bukka commented Mar 10, 2019

@kelunik I enabled TLS 1.3 by default. Would you be able to give it a try with Amp if all works fine for you?

@kelunik
Member

kelunik commented Mar 10, 2019

@bukka thanks, I'll give it a try this week.

@bukka
Member Author

bukka commented Mar 31, 2019

@kelunik Did you get a chance to do any testing? Think it would be great to do a bit more testing if it should go to 7.3.

@kelunik
Member

kelunik commented Mar 31, 2019

@bukka Unfortunately, not yet, but it's still on my list, sorry. Maybe @trowski has a little more time and can test it?

@trowski
Member

trowski commented Apr 11, 2019

I will have time after the 20th to do some testing with Amp.

@bukka
Member Author

bukka commented Apr 21, 2019

I have been thinking about this and I will probably go just with 7.4. The fact is that this is really a feature and it is going to change the behaviour of 7.3 slightly, which we should never do as part of a bug fixing release if the current behaviour is not broken. It will also go through the whole cycle and it will get much better testing.

@kelunik
Member

kelunik commented Apr 22, 2019

I'm fine with that. If there's a major vulnerability in TLS 1.2 and everyone needs to migrate to 1.3, we can still backport it. On the other hand, it's a pretty minor patch and we could make the tls:// wrapper default to TLS 1.0-1.2 for 7.2-7.3.

@bukka bukka changed the base branch from PHP-7.3 to PHP-7.4 April 22, 2019 18:39
@php-pulls php-pulls merged commit 3c056a9 into php:PHP-7.4 Apr 28, 2019
php-pulls pushed a commit to php/pecl-database-mysql_xdevapi that referenced this pull request Oct 14, 2019
- add support for following secure options: tls-versions, tls-ciphersuites, ssl-ciphers
- improve parsing Uri (e.g. previously in some cases ssl-mode has to always be in front of other secure options)
- improve error messages
- support trying open secure connections in loop for various TLS versions
- still waiting for patches related to TLSv1.3 support in PHP:
php/php-src#3650
php/php-src#3700
php/php-src#3909
clue added a commit to clue-labs/socket that referenced this pull request Nov 17, 2019
Explicit TLS 1.3 will be available via in PHP 7.4:
php/php-src#3909

Older PHP versions implicitly support TLS 1.3 provided that the
underlying OpenSSL version supports TLS 1.3. However, for PHP 7.3 some
recent changes implicitly disable TLS 1.3, so we skip TLS 1.3 tests on
affected PHP versions: php/php-src#3317
clue added a commit to clue-labs/socket that referenced this pull request Nov 17, 2019
Explicit TLS 1.3 support will be available in PHP 7.4:
php/php-src#3909

Older PHP versions implicitly support TLS 1.3 provided that the
underlying OpenSSL version supports TLS 1.3. However, for PHP 7.3 some
recent changes implicitly disable TLS 1.3, so we skip TLS 1.3 tests on
affected PHP versions: php/php-src#3317