Affects Version/s: 3.11
Fix Version/s: None
But, in the very same issues, it was finally decided to lower it to be only a recommendation and that was done @
Part of that issue and the decisions taken was that the "lowering" was only a temporal solution and, as soon as a new LTS was released (4.1), the requirement would be back, removing the current fallback (less strong crypto-code) allowing Moodle to work without php-sodium.
For more information about the discussions and rationale for the changes, please visit the linked issues.
So this is issue is about to:
1) Make php-sodium a requirement for 4.2 (1st version after LTS).
2) Final removal of the fallback code @ lib/classes/encryption.php
3) Consider what to do with the decrypt() method that may need to continue supporting the openssl fallback forever. Alternatively is to convert, in upgrade, all the encrypted contents to the new, sodium, alternative, but I'm not sure if that's possible.
Note this will need to be linked to the "4.2 moodle requirements" issue whenever it becomes created.