[TYPO3-core] openssl als required PHP extension

Steffen Gebert steffen.gebert at typo3.org
Fri Oct 21 00:02:43 CEST 2011


I'm a bit wondering about introducing openssl as required extension.

* It is needed for rsaauth, thus it is checked in the 1-2-3 wizard.
* On the other hand, rsaauth wouldn't enable itself, if openssl is not 
available (<- or has this been changed?)

* "Restructure the random byte generator"
is IMHO a requirement for the release, as it seems that we will fail 
otherwise on (some/all?) Windows systems.

There was also some confusion, whether we can count on OpenSSL, or not.

The thing is: What's with the people updating there installation (and 
running PHP without openssl? Stupid idea, I know. But I expect them (on 
*nix systems) to run into Fatal Error (openssl_random_pseudo_bytes() 

So to come to a point: Although it might be good to require openssl 
extension, it has (except faster rand generator, secure smtp mail 
transport, better salted passwords implementation) no real benefits, 
when having its introduction because of saltedpasswords in mind. 
saltedpasswords can also run with a command line openssl binary.

Currently, this fact is *not* mentioned in the Release Notes!

Kind regards

Steffen Gebert
TYPO3 v4 Core Team Member
TYPO3 Server Administration Team Member

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

More information about the TYPO3-team-core mailing list