Skip to content

Commit 390f6dd

Browse files
fabpotfabpot
committed
feature #50274 [HttpClient] Add option crypto_method to set the minimum TLS version and make it default to v1.2 (nicolas-grekas)
This PR was merged into the 6.3 branch. Discussion ---------- [HttpClient] Add option `crypto_method` to set the minimum TLS version and make it default to v1.2 | Q | A | ------------- | --- | Branch? | 6.3 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Idea borrowed from async-aws/aws#1402 by `@GrahamCampbell` Note that Firefox/Chrome disabled support for TLS < 1.2 in 2020 and TLSv1.2 is available since 2008. Commits ------- a9f25a15ea [HttpClient] Add option `crypto_method` to set the minimum TLS version and make it default to v1.2
2 parents 089f92c + 612bb5c commit 390f6dd

File tree

1 file changed

+7
-4
lines changed

1 file changed

+7
-4
lines changed

DependencyInjection/Configuration.php

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1817,7 +1817,7 @@ private function addHttpClientSection(ArrayNodeDefinition $rootNode, callable $e
18171817
->info('A network interface name, IP address, a host name or a UNIX socket to bind to.')
18181818
->end()
18191819
->booleanNode('verify_peer')
1820-
->info('Indicates if the peer should be verified in an SSL/TLS context.')
1820+
->info('Indicates if the peer should be verified in a TLS context.')
18211821
->end()
18221822
->booleanNode('verify_host')
18231823
->info('Indicates if the host should exist as a certificate common name.')
@@ -1838,7 +1838,7 @@ private function addHttpClientSection(ArrayNodeDefinition $rootNode, callable $e
18381838
->info('The passphrase used to encrypt the "local_pk" file.')
18391839
->end()
18401840
->scalarNode('ciphers')
1841-
->info('A list of SSL/TLS ciphers separated by colons, commas or spaces (e.g. "RC3-SHA:TLS13-AES-128-GCM-SHA256"...)')
1841+
->info('A list of TLS ciphers separated by colons, commas or spaces (e.g. "RC3-SHA:TLS13-AES-128-GCM-SHA256"...)')
18421842
->end()
18431843
->arrayNode('peer_fingerprint')
18441844
->info('Associative array: hashing algorithm => hash(es).')
@@ -1849,6 +1849,9 @@ private function addHttpClientSection(ArrayNodeDefinition $rootNode, callable $e
18491849
->variableNode('md5')->end()
18501850
->end()
18511851
->end()
1852+
->scalarNode('crypto_method')
1853+
->info('The minimum version of TLS to accept; must be one of STREAM_CRYPTO_METHOD_TLSv*_CLIENT constants.')
1854+
->end()
18521855
->arrayNode('extra')
18531856
->info('Extra options for specific HTTP client')
18541857
->normalizeKeys(false)
@@ -1965,7 +1968,7 @@ private function addHttpClientSection(ArrayNodeDefinition $rootNode, callable $e
19651968
->info('A network interface name, IP address, a host name or a UNIX socket to bind to.')
19661969
->end()
19671970
->booleanNode('verify_peer')
1968-
->info('Indicates if the peer should be verified in an SSL/TLS context.')
1971+
->info('Indicates if the peer should be verified in a TLS context.')
19691972
->end()
19701973
->booleanNode('verify_host')
19711974
->info('Indicates if the host should exist as a certificate common name.')
@@ -1986,7 +1989,7 @@ private function addHttpClientSection(ArrayNodeDefinition $rootNode, callable $e
19861989
->info('The passphrase used to encrypt the "local_pk" file.')
19871990
->end()
19881991
->scalarNode('ciphers')
1989-
->info('A list of SSL/TLS ciphers separated by colons, commas or spaces (e.g. "RC3-SHA:TLS13-AES-128-GCM-SHA256"...)')
1992+
->info('A list of TLS ciphers separated by colons, commas or spaces (e.g. "RC3-SHA:TLS13-AES-128-GCM-SHA256"...)')
19901993
->end()
19911994
->arrayNode('peer_fingerprint')
19921995
->info('Associative array: hashing algorithm => hash(es).')

0 commit comments

Comments
 (0)