Yes, I can confirm it fixes the PHP case: # php -r 'var_dump(openssl_get_cipher_methods());' | grep 'aes-.*-hmac' string(21) "aes-128-cbc-hmac-sha1" string(23) "aes-128-cbc-hmac-sha256" string(21) "aes-256-cbc-hmac-sha1" string(23) "aes-256-cbc-hmac-sha256”
Ondrej -- Ondřej Surý ond...@sury.org > On 8 Oct 2019, at 22:58, Ondřej Surý <ond...@sury.org> wrote: > > I issued a rebuild in the PPA > (https://launchpad.net/~ondrej/+archive/ubuntu/php/) and in the DPA > (https://packages.sury.org/php/) with the mentioned patch. > > For Debian, the machine is kind of stuck building arm* builds in qemu, so it > might take a longer, but the PPAs should be built under an hour, so I’ll let > you know. > > Thanks for pointing to the right direction. > > Ondrej > -- > Ondřej Surý > ond...@sury.org > >> On 8 Oct 2019, at 22:51, Kurt Roeckx <k...@roeckx.be> wrote: >> >> On Tue, Oct 08, 2019 at 10:15:33PM +0200, Ondřej Surý wrote: >>> The one package particularly hit by this is PHP. >>> >>> The openssl_get_cipher_methods() function does list the hmac variants with >>> 1.1.1c, but it doesn’t with 1.1.1d, so there’s definitely a regression >>> somewhere. >> >> Is this something that's fixed by >> https://github.com/openssl/openssl/pull/10074? >> >> >> Kurt >> >