Re: [PHP-DEV] PHP 8.1 and OpenSSL

2023-09-13 Thread Ben Ramsey

On 7/5/23 10:44, Ben Ramsey wrote:
>> On Jun 13, 2023, at 15:06, Jan Ehrhardt  wrote:
>>
>> Hi Christoph,
>>
>> "Christoph M. Becker" in php.internals (Wed, 18 Jan 2023 13:20:41 +0100):
>>> While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP
>>> 8.1 builds are still using OpenSSL 1.1.1.  However, OpenSSL 1.1.1 is
>>> only supported till 2023-09-11[1], while PHP 8.1 is supported till
>>> 2024-11-25[2].  Although I don't like bumping the OpenSSL version in the
>>> middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling
>>> behind security support.  And if we do that bump, we better do it sooner
>>> than later.
>>>
>>> So, if there are no unforeseen problems, I suggest to build PHP
>>> 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with
>>> OpenSSL 1.1.1).
>>>
>>> Thoughts?  Objections?
>>>
>>> [1] 
>>> [2] 
>>
>> I noticed that PHP 8.1.20 at https://windows.php.net/download/ was built
>> with OpenSSL 1.1.1t and PHP 8.2.7 & 8.3.0 Alpha 1 with OpenSSL 3.0.8. What
>> will be the official policy for 8.1, 8.2 and 8.3? All 3 versions with
>> OpenSSL 3.0.x or 8.1 still with OpenSSL 1.1.1? And none of the three
>> versions with OpenSSL 3.1.x? Please clarify.
>
> What’s the process for changing this? Do release managers need to change the
> way we bundle the packages, or does something need to be merged into the
> PHP-8.1 branch?



I've still not heard anything back regarding this.

Is there anything the release managers need to do, or is this an issue 
specifically for the Windows builds?


If it's for the Windows builds only, how can we help facilitate this change?

Cheers,
Ben





Re: [PHP-DEV] PHP 8.1 and OpenSSL

2023-07-20 Thread Jan Ehrhardt
Ben Ramsey in php.internals (Tue, 18 Jul 2023 16:23:02 -0500):
>
>> What’s the process for changing this? Do release managers need to change
>> the way we bundle the packages, or does something need to be merged into
>> the PHP-8.1 branch?
>
>Does anyone know the answer to this question?

Not me. But this is becoming an urgent question now that the EOL of
OpenSSL 1.1.1 is around the corner.

Comparable question: will PHP 8.3 be built with VS17 (Visual Studio 2022)?
PHP 8.3.0 beta 1 is still built with VS16 (Visual Studio 2019):
https://windows.php.net/qa/ 
-- 
Jan

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php



Re: [PHP-DEV] PHP 8.1 and OpenSSL

2023-07-18 Thread Ben Ramsey
> On Jul 5, 2023, at 10:44, Ben Ramsey  wrote:
> 
>> On Jun 13, 2023, at 15:06, Jan Ehrhardt  wrote:
>> 
>> Hi Christoph,
>> 
>> "Christoph M. Becker" in php.internals (Wed, 18 Jan 2023 13:20:41 +0100):
>>> While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP
>>> 8.1 builds are still using OpenSSL 1.1.1.  However, OpenSSL 1.1.1 is
>>> only supported till 2023-09-11[1], while PHP 8.1 is supported till
>>> 2024-11-25[2].  Although I don't like bumping the OpenSSL version in the
>>> middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling
>>> behind security support.  And if we do that bump, we better do it sooner
>>> than later.
>>> 
>>> So, if there are no unforeseen problems, I suggest to build PHP
>>> 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with
>>> OpenSSL 1.1.1).
>>> 
>>> Thoughts?  Objections?
>>> 
>>> [1] 
>>> [2] 
>> 
>> I noticed that PHP 8.1.20 at https://windows.php.net/download/ was built
>> with OpenSSL 1.1.1t and PHP 8.2.7 & 8.3.0 Alpha 1 with OpenSSL 3.0.8. What
>> will be the official policy for 8.1, 8.2 and 8.3? All 3 versions with
>> OpenSSL 3.0.x or 8.1 still with OpenSSL 1.1.1? And none of the three
>> versions with OpenSSL 3.1.x? Please clarify.
> 
> 
> What’s the process for changing this? Do release managers need to change the 
> way we bundle the packages, or does something need to be merged into the 
> PHP-8.1 branch?


Does anyone know the answer to this question?

Cheers,
Ben






Re: [PHP-DEV] PHP 8.1 and OpenSSL

2023-07-05 Thread Jan Ehrhardt
Ben Ramsey in php.internals (Wed, 5 Jul 2023 10:44:12 -0500):
>> On Jun 13, 2023, at 15:06, Jan Ehrhardt  wrote:
>> 
>> Hi Christoph,
>> 
snip
>>> 
>>> So, if there are no unforeseen problems, I suggest to build PHP
>>> 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with
>>> OpenSSL 1.1.1).
>>> 
>>> Thoughts?  Objections?
>>> 
>>> [1] 
>>> [2] 
>> 
>> I noticed that PHP 8.1.20 at https://windows.php.net/download/ was built
>> with OpenSSL 1.1.1t and PHP 8.2.7 & 8.3.0 Alpha 1 with OpenSSL 3.0.8. What
>> will be the official policy for 8.1, 8.2 and 8.3? All 3 versions with
>> OpenSSL 3.0.x or 8.1 still with OpenSSL 1.1.1? And none of the three
>> versions with OpenSSL 3.1.x? Please clarify.
>
>What’s the process for changing this? Do release managers need to change
>the way we bundle the packages, or does something need to be merged into
>the PHP-8.1 branch?

I really would not know that. Christoph should know what has to be
changed, but he has not been really active on the Windows (and PECL) front
lately.
Just for the record: PHP 8.1.21 on https://windows.php.net/download/ is
yet again built with OpenSSL 1.1.1.
-- 
Jan




Re: [PHP-DEV] PHP 8.1 and OpenSSL

2023-07-05 Thread Ben Ramsey
> On Jun 13, 2023, at 15:06, Jan Ehrhardt  wrote:
> 
> Hi Christoph,
> 
> "Christoph M. Becker" in php.internals (Wed, 18 Jan 2023 13:20:41 +0100):
>> While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP
>> 8.1 builds are still using OpenSSL 1.1.1.  However, OpenSSL 1.1.1 is
>> only supported till 2023-09-11[1], while PHP 8.1 is supported till
>> 2024-11-25[2].  Although I don't like bumping the OpenSSL version in the
>> middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling
>> behind security support.  And if we do that bump, we better do it sooner
>> than later.
>> 
>> So, if there are no unforeseen problems, I suggest to build PHP
>> 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with
>> OpenSSL 1.1.1).
>> 
>> Thoughts?  Objections?
>> 
>> [1] 
>> [2] 
> 
> I noticed that PHP 8.1.20 at https://windows.php.net/download/ was built
> with OpenSSL 1.1.1t and PHP 8.2.7 & 8.3.0 Alpha 1 with OpenSSL 3.0.8. What
> will be the official policy for 8.1, 8.2 and 8.3? All 3 versions with
> OpenSSL 3.0.x or 8.1 still with OpenSSL 1.1.1? And none of the three
> versions with OpenSSL 3.1.x? Please clarify.


What’s the process for changing this? Do release managers need to change the 
way we bundle the packages, or does something need to be merged into the 
PHP-8.1 branch?

Cheers,
Ben







Re: [PHP-DEV] PHP 8.1 and OpenSSL

2023-01-18 Thread Hans Henrik Bergan
+1, we don't want to bundle and maintain and monkey-patch 1.1.1
ourselves for 14.4 months,
which I guess would be the alternative.

On Wed, 18 Jan 2023 at 13:20, Christoph M. Becker  wrote:
>
> Hi all!
>
> While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP
> 8.1 builds are still using OpenSSL 1.1.1.  However, OpenSSL 1.1.1 is
> only supported till 2023-09-11[1], while PHP 8.1 is supported till
> 2024-11-25[2].  Although I don't like bumping the OpenSSL version in the
> middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling
> behind security support.  And if we do that bump, we better do it sooner
> than later.
>
> So, if there are no unforeseen problems, I suggest to build PHP
> 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with
> OpenSSL 1.1.1).
>
> Thoughts?  Objections?
>
> [1] 
> [2] 
>
> --
> Christoph M. Becker



[PHP-DEV] PHP 8.1 and OpenSSL

2023-01-18 Thread Christoph M. Becker
Hi all!

While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP
8.1 builds are still using OpenSSL 1.1.1.  However, OpenSSL 1.1.1 is
only supported till 2023-09-11[1], while PHP 8.1 is supported till
2024-11-25[2].  Although I don't like bumping the OpenSSL version in the
middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling
behind security support.  And if we do that bump, we better do it sooner
than later.

So, if there are no unforeseen problems, I suggest to build PHP
8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with
OpenSSL 1.1.1).

Thoughts?  Objections?

[1] 
[2] 

--
Christoph M. Becker
