From 0ce171c00aafb36c1b4cc38ef0b808570f6b8548 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Mon, 22 May 2023 12:35:34 +0200 Subject: [PATCH] [HttpClient] Document the crypto_method option --- reference/configuration/framework.rst | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst index 937ed629d79..46453bbdf64 100644 --- a/reference/configuration/framework.rst +++ b/reference/configuration/framework.rst @@ -1027,9 +1027,21 @@ ciphers **type**: ``string`` -A list of the names of the ciphers allowed for the SSL/TLS connections. They +A list of the names of the ciphers allowed for the TLS connections. They can be separated by colons, commas or spaces (e.g. ``'RC4-SHA:TLS13-AES-128-GCM-SHA256'``). +crypto_method +............. + +**type**: ``integer`` + +The minimum version of TLS to accept. The value must be one of the +``STREAM_CRYPTO_METHOD_TLSv*_CLIENT`` constants defined by PHP. + +.. versionadded:: 6.3 + + The ``crypto_method`` option was introduced in Symfony 6.3. + delay ..... @@ -1183,7 +1195,7 @@ peer_fingerprint **type**: ``array`` -When negotiating a TLS or SSL connection, the server sends a certificate +When negotiating a TLS connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match any of the public keys provided in this option, the connection is aborted before sending or receiving any data. @@ -1265,7 +1277,7 @@ verify_peer **type**: ``boolean`` **default**: ``true`` -If ``true``, the certificate sent by other servers when negotiating a TLS or SSL +If ``true``, the certificate sent by other servers when negotiating a TLS connection is verified for authenticity. Authenticating the certificate is not enough to be sure about the server, so you should combine this with the ``verify_host`` option.