Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.11
-
MOODLE_311_STABLE
-
MOODLE_403_STABLE
-
- Covered by automated tests (PHPUnit)
-
1
Description
In the 3.11 requirements issues (MDL-69308 and MDL-70363) it was initially agreed to make the php-sodium extension a requirement for Moodle.
But, in the very same issues, it was finally decided to lower it to be only a recommendation and that was done @ MDL-71420.
Part of that issue and the decisions taken was that the "lowering" was only a temporal solution and, as soon as a new LTS was released (4.1), the requirement would be back, removing the current fallback (less strong crypto-code) allowing Moodle to work without php-sodium.
For more information about the discussions and rationale for the changes, please visit the linked issues.
So this is issue is about to:
1) Make php-sodium a requirement for 4.2 (1st version after LTS). Done @ MDL-74905
2) Final removal of the fallback code @ lib/classes/encryption.php
3) Consider what to do with the decrypt() method that may need to continue supporting the openssl fallback forever. Alternatively is to convert, in upgrade, all the encrypted contents to the new, sodium, alternative, but I'm not sure if that's possible.
Note this will need to be linked to the "4.2 moodle requirements" issue whenever it becomes created.
Attachments
Issue Links
- has been marked as being related by
-
MDL-71420 Lower php-sodium requirement down to recommendation
-
- Closed
-
-
MDL-74905 Decide Moodle 4.2 requirements and push them to environment.xml (due date: 2022-12-26)
-
- Closed
-
- has to be done before
-
-
- Open
-
- will help resolve
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
