Require $method parameter in openssl_seal/openssl_open

RC4 is considered insecure, and it's not possible to change the default of these functions. As such, require the method to be passed explicitly. Closes GH-6093.
author: Nikita Popov <nikita.ppv@gmail.com> 2020-09-08 11:06:49 +0200
committer: Nikita Popov <nikita.ppv@gmail.com> 2020-09-08 14:21:01 +0200
commit: 3e149427561dc04650aacfa61f9eb431da397997 (patch)
tree: 93bab0b9fb3d8ceb77e3e5d18b34d53a60b3563f /UPGRADING
parent: 259af931e62e11dbc040adc30f8f00dbc1e3f2d3 (diff)
download: php-git-3e149427561dc04650aacfa61f9eb431da397997.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index 0621d8eade..e38f0307c0 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -403,6 +403,8 @@ PHP 8.0 UPGRADE NOTES
   . The openssl_pkey_free() function is deprecated and no longer has an effect,
     instead the OpenSSLAsymmetricKey instance is automatically destroyed if it is no
     longer referenced.
+  . openssl_seal() and openssl_open() now require $method to be passed, as the
+    previous default of "RC4" is considered insecure.
 
 - PCRE:
   . When passing invalid escape sequences they are no longer interpreted as
author	Nikita Popov <nikita.ppv@gmail.com>	2020-09-08 11:06:49 +0200
committer	Nikita Popov <nikita.ppv@gmail.com>	2020-09-08 14:21:01 +0200
commit	3e149427561dc04650aacfa61f9eb431da397997 (patch)
tree	93bab0b9fb3d8ceb77e3e5d18b34d53a60b3563f /UPGRADING
parent	259af931e62e11dbc040adc30f8f00dbc1e3f2d3 (diff)
download	php-git-3e149427561dc04650aacfa61f9eb431da397997.tar.gz