Improved SSL/TLS

Starting with version 7.2, PHP’s I/O subsystem and the underlying streams API have been updated to support a recent version of TLS encryption by default. Any connection made using tls:// now advertises support for TLS up to 1.2 rather than just TLS 1.0 as before. Be aware that this change might break connection attempts to TLS servers that only have support for TLS 1.0 enabled and that are intolerant at the same time.

As the old SSL protocol is inherently insecure and should thus no longer be used, the scheme ssl:// was turned into an alias for tls. This change will break ssl:// wrapper connection attempts if the remote host only supports SSL but does not support TLS. For security reasons, downgrading to older TLS or even SSL protocol versions is strongly discouraged. If needed anyway, an explicit context option passing the desired combination of STREAM_CRYPTO_METHOD_SSLv2_*, STREAM_CRYPTO_METHOD_SSLv3_* and STREAM_CRYPTO_METHOD_TLS can be used to force the old and insecure behavior.