Php: Undefined OPENSSL_ALGO_DSS1

Created on 4 Jan 2019 · 3Comments · Source: docker-library/php

Why OPENSSL_ALGO_DSS1 was undefined in the php on docker?

Reference: http://php.net/manual/zh/openssl.signature-algos.php

I can used it in my dev environment.

question

Source

PMExtra

Most helpful comment

This is probably intentional -- the DSS cipher was deprecated in newer OpenSSL releases:

https://github.com/php/php-src/blob/ee939b70d316fba104a2d41b72b2c17ac711be6c/ext/openssl/openssl.c#L73-L75

See also https://www.openssl.org/news/cl110.txt, especially:

  *) Changes to the DEFAULT cipherlist:
       - Prefer (EC)DHE handshakes over plain RSA.
       - Prefer AEAD ciphers over legacy ciphers.
       - Prefer ECDSA over RSA when both certificates are available.
       - Prefer TLSv1.2 ciphers/PRF.
       - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
         default cipherlist.
     [Emilia Käsper]

tianon on 4 Jan 2019

❤1 👍1

All 3 comments

It works fine with php:5, but don't work with php:7

PMExtra on 4 Jan 2019

This is probably intentional -- the DSS cipher was deprecated in newer OpenSSL releases:

https://github.com/php/php-src/blob/ee939b70d316fba104a2d41b72b2c17ac711be6c/ext/openssl/openssl.c#L73-L75

See also https://www.openssl.org/news/cl110.txt, especially:

  *) Changes to the DEFAULT cipherlist:
       - Prefer (EC)DHE handshakes over plain RSA.
       - Prefer AEAD ciphers over legacy ciphers.
       - Prefer ECDSA over RSA when both certificates are available.
       - Prefer TLSv1.2 ciphers/PRF.
       - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
         default cipherlist.
     [Emilia Käsper]

tianon on 4 Jan 2019

❤1 👍1

@tianon Thank you for solving my doubts.
And I found the result is the same whether I use OPENSSL_ALGO_DSS1 or OPENSSL_ALGO_SHA1(the default).

PMExtra on 6 Jan 2019

Was this page helpful?

0 / 5 - 0 ratings