On Sun, Nov 27, 2016 at 3:17 PM, Niklas Keller <m...@kelunik.com> wrote:

>> > SSL_CTX_set1_sigalgs is anyway only supported starting in OpenSSL 1.0.2,
>> > so we need a custom verify callback for older OpenSSL versions. In our own
>> > verify callback we can use a blacklist instead of the suggested whitelist
>> > by default.
>> >
>> No need to add support for 1.0.1 as it's going to be EOL end of December.
>> Lower versions are EOL already.
>>
>
> That may be true, but we only raised the minimum requirement for newer
> versions of PHP. If this is going to be backported for PHP 5.6 / 7.0 / 7.1,
> we have to support those older OpenSSL versions I guess?
>
>
Well, it depends on whether it requires a feature available only in the later
version of OpenSSL, which would be the case for the currently proposed version
of the RFC that would make use of the SSL_CTX_set1_sigalgs_list macro. I don't
think that we should parse the string of allowed sig algs and re-implement
it for OpenSSL versions that are EOL anyway. It's not something unusual to
have a feature dependent on the library version. For example, we did exactly
the same for openssl_pbkdf2, which worked only if it was compiled with
OpenSSL 1.0.0+. So if you had PHP 7.0 and OpenSSL 0.9.8, it wasn't
available.

I have been thinking about the defaults and I don't think we should have
any default value for this. Instead we should concentrate on supporting
security levels [1]. That will give a much better way to define the
number of bits of security. For example, if we have selected level 2 to get 112
bits of security, then the SSH-1 sig algs would be automatically disabled
as it offers only 80 bits of security. It would also disable all other
weaker algs, so users couldn't, for example, use RSA keys shorter than 2048
bits. That's a much better and easier way for users to define the security, as
they would just need to set a number (from 0 to 5 atm). I'm aware that
this is supported only by OpenSSL 1.1 but I wouldn't see that as an issue.
At the time PHP 7.2 is out, there will be much bigger usage of OpenSSL
1.1 and the users on lower versions could still disable it manually.

[1] https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_security_level.html

Cheers

Jakub
