added additional ssl_method options and changed default ssl_method to use tls #5518

Closed
wants to merge 2 commits into from

@Iversion Iversion commented May 3, 2020

The SSL methods available in the soap extension have fallen behind those made available in openssl. This update adds the additional openssl crypto methods and updates the default behavior to use TLS to keep in line with modern security standards.

Contributor

@patrickallaert patrickallaert left a comment

Sounds good to me, but should target PHP 8.1 IMHO.

@patrickallaert patrickallaert requested a review from nikic June 8, 2021 18:47
@IMSoP
Contributor

IMSoP commented Jun 30, 2021

FYI, I recently proposed the opposite approach for this: deprecate that setting, since the full set of protocols is available via a different option: https://wiki.php.net/rfc/deprecations_php_8_1#ssl_method_option_to_soapclient_constructor

Note that because of changes elsewhere, "ssl" and "tls" are equivalent, so your proposed SOAP_SSL_METHOD_ANY and SOAP_SSL_METHOD_TLS_ANY will have the same behaviour as SOAP_SSL_METHOD_SSLv23, and the default already selects at least TLS v1.0.

If we don't go ahead with the deprecation, it might make sense to define something like this:

```c
#define SOAP_SSL_METHOD_DEFAULT  0
#define SOAP_SSL_METHOD_SSLv2    1
#define SOAP_SSL_METHOD_SSLv3    2
/* value 3 reserved; was previously value of SOAP_SSL_METHOD_SSLv23 */
#define SOAP_SSL_METHOD_TLSv1_0  4
#define SOAP_SSL_METHOD_TLSv1_1  5
#define SOAP_SSL_METHOD_TLSv1_2  6

/* aliases for compatibility */
#define SOAP_SSL_METHOD_SSLv23   SOAP_SSL_METHOD_DEFAULT
#define SOAP_SSL_METHOD_TLS      SOAP_SSL_METHOD_DEFAULT
```

@bukka
Member

bukka commented Jul 8, 2021

I think it would be much better to use something similar to min_proto_version and max_proto_version from the stream. That prevents creating holes (e.g. enabling just 1.0 and 1.2 but not 1.1) that are problematic as it can lead to issues.
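
Added example, not part of the thread or of php-src: one way to pin the TLS range for a SoapClient through the stream context (the "different option" mentioned above) using min_proto_version and max_proto_version rather than ssl_method. The helper name `tlsRangeOptions`, the endpoint `soap.example.test` and the `urn:example` namespace are assumptions made for illustration.

```php
<?php
// Added example: constrain SoapClient's TLS versions via the stream
// context instead of the ssl_method constructor option.

/**
 * Hypothetical helper: build 'ssl' context options from a min/max pair.
 * A contiguous range cannot express a gap such as "1.0 and 1.2 but not 1.1".
 */
function tlsRangeOptions(int $min, int $max): array
{
    // Ordered STREAM_CRYPTO_PROTO_* values (TLS 1.3 needs PHP >= 7.4).
    $known = [
        STREAM_CRYPTO_PROTO_TLSv1_0,
        STREAM_CRYPTO_PROTO_TLSv1_1,
        STREAM_CRYPTO_PROTO_TLSv1_2,
        STREAM_CRYPTO_PROTO_TLSv1_3,
    ];
    $lo = array_search($min, $known, true);
    $hi = array_search($max, $known, true);
    if ($lo === false || $hi === false) {
        throw new InvalidArgumentException('Unknown TLS protocol constant');
    }
    if ($lo > $hi) {
        throw new InvalidArgumentException('min_proto_version is above max_proto_version');
    }
    return [
        'min_proto_version' => $min,
        'max_proto_version' => $max,
        'verify_peer'       => true,
        'verify_peer_name'  => true,
    ];
}

$context = stream_context_create([
    'ssl' => tlsRangeOptions(STREAM_CRYPTO_PROTO_TLSv1_2, STREAM_CRYPTO_PROTO_TLSv1_3),
]);

// Non-WSDL mode, so constructing the client makes no network request.
// Previously one might have passed 'ssl_method' => SOAP_SSL_METHOD_TLS here.
$client = new SoapClient(null, [
    'location'       => 'https://soap.example.test/service', // placeholder endpoint
    'uri'            => 'urn:example',                       // placeholder namespace
    'stream_context' => $context,
]);
```
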

@nikic
Member

nikic commented Jul 19, 2021

As the deprecation referenced above has been accepted, I'm going to close this PR. No point in adding support for this to deprecated functionality.

@nikic nikic closed this Jul 19, 2021