-
Bug
-
Resolution: Fixed
-
Minor
-
3.11.4, 4.0
-
MOODLE_311_STABLE, MOODLE_400_STABLE
-
MOODLE_311_STABLE
-
From PHP 8.0 release notes:
openssl_seal() and openssl_open() now require $method to be passed, as the
previous default of "RC4" is considered insecure.
So this issues is, simply, about to:
1) Add that 5th parameter to all cases in core, continuing with current "RC4" default, so all installations will continue working ok.
2) MDL-73518 - Create another issue, about to consider moving the "RC4" default to a better one, surely including init vector too.
Note that, in practice... 2) is not critical as far as now all sites run over SSL, hence, data is double encrypted, once by the MNet RC4 implementation, not ideal, and another by the http SSL layer (usually safer).
- Testing discovered
-
MDL-73518 Switch MNet RC4 method to better alternative, keeping BC
- Reopened