2017-07-03 19:24 GMT+02:00 Sara Golemon <poll...@php.net>: > On Mon, Jul 3, 2017 at 1:12 PM, Niklas Keller <m...@kelunik.com> wrote: > > Additionally there will be two INI options > > which are only added to PHP 7.1 and 7.0 to allow people to immediately > > upgrade to secure defaults without any risk of breaking other apps. > > > I understand what you're going for there, but it's just a bit weird to > have that INI option exist for a weird pair of version ranges and not > forward. I'd say keep the INI in 7.2 and (perhaps) mark them > deprecated. There's no sense making that upgrade path unreasonably > difficult. >
True, but I'd like it to be an INI option to strengthen the security, but not allow to weaken it. You really shouldn't use MD5 or SHA1 for TLS certificates 2018 (!). If you really need it there, you can still set a default stream context option, but we won't clutter the INI options of future versions. Regards, Niklas