php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #70439 Deprecate default method for openssl_seal and openssl_open
Submitted: 2015-09-06 17:27 UTC Modified: 2020-11-05 13:24 UTC
Votes:3
Avg. Score:4.0 ± 0.8
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: bukka@php.net Assigned: bukka (profile)
Status: Closed Package: OpenSSL related
PHP Version: Next Minor Version OS: any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bukka@php.net
New email:
PHP Version: OS:

 

 [2015-09-06 17:27 UTC] bukka@php.net 
Description:
------------
The default method for openssl_seal and openssl_open is RC4 which is a weak cipher. For that reason, user should always choose a cipher algorithm (method parameter) explicitly.

The request is to deprecate calling openssl_seal and openssl_open without and method argument (deprecate error message will be printed if the user doesn't supply a method parameter). The method parameter will be then made required in the next major version.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-09-06 17:28 UTC] bukka@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka
 [2020-11-05 13:24 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2020-11-05 13:24 UTC] cmb@php.net 
This has already been implemented[1], and will be available as of
PHP 8.0.0.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=3e149427561dc04650aacfa61f9eb431da397997>
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Apr 15 07:01:28 2025 UTC