Over the past two weeks, I've observed quite a bit of PHP 7+ userland
code breaking due to remote hosts switching to a TLS 1.2 only policy.
For various specific reasons, I strongly suspect that PCI DSS 3.1
implementations or compliance audits against that spec have something to
do with the changes that I'm seeing:
https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
In just the last two weeks, I've seen completely unrelated servers of
various vendors go offline for an upgrade. When they come back up a
short bit later, they are suddenly configured for TLS 1.2 only. Running
a Qualys SSL labs test confirms the changes. It's a rather specific
change to encounter in such a short period of time.
PHP userland code (e.g. stream_socket_client()) is unable to connect to
such hosts via "tls://" host strings. The string has to be updated to
use the version-specific string "tlsv1.2://" before the connecting code
starts working again.
--
Thomas Hruska
CubicleSoft President
I've got great, time saving software that you will find useful.
http://cubiclesoft.com/
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
