Fix outdated ssl:// transport description and clarify TLS behavior #5088

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

lacatoire wants to merge 1 commit into php:master from lacatoire:fix/transports-ssl-description

appendices/transports.xml

-Original file line number
+Diff line change
@@ Expand Up / @@ -22,6 +22,13 @@ @@
        <literal>ssl://</literal>, <literal>tls://</literal>,
        <literal>sslv2://</literal> &amp; <literal>sslv3://</literal>.
       </simpara>
+      <note>
+       <simpara>
+        The <literal>sslv2://</literal> and <literal>sslv3://</literal> transports
+        are obsolete and should not be used. They are documented for
+        backward compatibility only.
+       </simpara>
+      </note>
       <note>
        <simpara>
@@ Expand All / @@ -38,8 +45,6 @@ @@
        <listitem><simpara><literal>tcp://www.example.com</literal></simpara></listitem>
        <listitem><simpara><literal>udp://www.example.com</literal></simpara></listitem>
        <listitem><simpara><literal>ssl://www.example.com</literal></simpara></listitem>
-       <listitem><simpara><literal>sslv2://www.example.com</literal></simpara></listitem>
-       <listitem><simpara><literal>sslv3://www.example.com</literal></simpara></listitem>
        <listitem><simpara><literal>tls://www.example.com</literal></simpara></listitem>
       </itemizedlist>
@@ Expand Down Expand Up / @@ -78,11 +83,18 @@ @@
       </simpara>
       <simpara>
-       <literal>ssl://</literal> will attempt to negotiate an SSL V2,
-       or SSL V3 connection depending on the capabilities and preferences
-       of the remote host.  <literal>sslv2://</literal> and
-       <literal>sslv3://</literal> will select the SSL V2 or SSL V3
-       protocol explicitly.
+       <literal>ssl://</literal> will attempt to negotiate a secure SSL/TLS
+       connection depending on the capabilities and preferences of both the
+       client and the remote host. The actual protocols that may be used are
+       determined by the OpenSSL configuration and by any options provided
+       through <function>stream_context_create</function>, such as
+       <literal>ssl.crypto_method</literal>.
+      </simpara>
+      <simpara>
+       The SSLv2 and SSLv3 protocols are obsolete and insecure. Their use is
+       strongly discouraged and they are no longer enabled by default in
+       modern versions of PHP and OpenSSL.
       </simpara>
      </section>
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix outdated ssl:// transport description and clarify TLS behavior #5088

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Fix outdated ssl:// transport description and clarify TLS behavior #5088

Are you sure you want to change the base?

Uh oh!

Fix outdated ssl:// transport description and clarify TLS behavior #5088

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing