From: Niklas Keller <me@kelunik.com>
Date: Sun, 18 Jun 2017 23:54:45 +0000 (-0400)
Subject: Default single_dh_use and honor_cipher_order to true
X-Git-Tag: php-7.2.0alpha2~19
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9badf353867c0b1b6aa1db183ecf090573f0dd4d;p=php

Default single_dh_use and honor_cipher_order to true
---

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 66e1d598af..c56e67f365 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -1252,12 +1252,12 @@ static int set_server_specific_opts(php_stream *stream, SSL_CTX *ctx) /* {{{ */
 
 	set_server_dh_param(stream, ctx);
 	zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "single_dh_use");
-	if (zv != NULL && zend_is_true(zv)) {
+	if (zv == NULL || zend_is_true(zv)) {
 		ssl_ctx_options |= SSL_OP_SINGLE_DH_USE;
 	}
 
 	zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "honor_cipher_order");
-	if (zv != NULL && zend_is_true(zv)) {
+	if (zv == NULL || zend_is_true(zv)) {
 		ssl_ctx_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 	}