Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[HttpClient] Add optioncrypto_method to set the minimum TLS version and make it default to v1.2#50274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
368b912 to38f0aa1Comparestof commentedMay 9, 2023
I don't see where you actually configure the min TLS version of the amp/socket TLS context in this PR. Is this actually implemented in this PR ? |
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
| $options['local_cert'] &&$context =$context->withCertificate(newCertificate($options['local_cert'],$options['local_pk'])); | ||
| $options['ciphers'] &&$context =$context->withCiphers($options['ciphers']); | ||
| $options['capture_peer_cert_chain'] &&$context =$context->withPeerCapturing(); | ||
| $options['crypto_method'] &&$context =$context->withMinimumVersion($options['crypto_method']); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
@stof this is the line you're looking for
crypto_method to set the minimum SSL version and make it default to TLSv1.2crypto_method to set the minimum TLS/SSL version and make it default to TLSv1.2crypto_method to set the minimum TLS/SSL version and make it default to TLSv1.2crypto_method to set the minimum SSL/TLS version and make it default to TLSv1.2nicolas-grekas commentedMay 9, 2023
PR updated to target 6.3 in case we'd like to merge it now. Status: needs review |
crypto_method to set the minimum SSL/TLS version and make it default to TLSv1.2crypto_method to set the minimum TLS version and make it default to TLSv1.2crypto_method to set the minimum TLS version and make it default to TLSv1.2crypto_method to set the minimum TLS version and make it default to v1.2…n and make it default to v1.2
fabpot commentedMay 12, 2023
Thank you@nicolas-grekas. |
GrahamCampbell commentedMay 15, 2023
FYI, this has now similarly been implemented in Guzzle 7.6.0, though without the change to the default, not just because I feel it is arguably breaking, but also because Guzzle tends to have people using much older technology including versions of curl that may not even have the needed constant defined. |
…(HypeMC)This PR was merged into the 6.4 branch.Discussion----------[HttpClient] Add `crypto_method` to scoped client options| Q | A| ------------- | ---| Branch? | 6.4| Bug fix? | yes| New feature? | no| Deprecations? | no| Issues | -| License | MITWhile working on something else I've noticed that the `crypto_method` option wasn't added for scoped clients in#50274. I'm not sure if this was intentional or not, but as far as I can tell, there's no reason for the option to not be there, so I'm guessing it was an oversight.Commits-------e274ee4 [HttpClient] Add `crypto_method` to scoped client options
Uh oh!
There was an error while loading.Please reload this page.
Idea borrowed fromasync-aws/aws#1402 by@GrahamCampbell
Note that Firefox/Chrome disabled support for TLS < 1.2 in 2020 and TLSv1.2 is available since 2008.