Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Improve TLS 1.3 support #186
TLS 1.3 is now an official standard as of August 2018 (https://tools.ietf.org/html/rfc8446) which is great news!
OpenSSL 1.1.1 supports TLS 1.3 (https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/). For example, this version ships with Ubuntu 18.10 (and newer) by default, meaning that recent installations support TLS 1.3 out of the box
At the time of writing this, PHP does not know about TLS 1.3 at all. Interestingly, due to the way how PHP interfaces with OpenSSL, this means that TLS 1.3 is in fact enabled by default for all client and server connections when using a recent OpenSSL version (see also #184 for more details).
This PR improves TLS 1.3 support by working around the issues described in #184. In other words, prior to applying this patch, creating a TLS 1.3 connection could result in 100% CPU usage due to a bug in PHP. After applying this patch, this is worked around by consuming all stale data from the TLS receive buffers and as such support TLS 1.3 as well as older TLS versions. Accordingly, the test suite has been updated to add tests for all available TLS versions. The test suite confirms that existing behavior has not changed.
While PHP does not know about TLS 1.3 at the moment, there is however a pending PR that adds full TLS 1.3 support for a future PHP version (php/php-src#3700). This PR is designed in such a way as to be forwards compatible with when PHP receives official TLS 1.3 support and also when the underlying stream issue has been fixed (php/php-src#3729). Again, the test suite covers these details to avoid any future regressions.