Bug 1714591

Summary: RFE: Please enable argon2 and libsodium support in php
Product: Red Hat Enterprise Linux 8 Reporter: Neal Gompa <ngompa13>
Component: phpAssignee: Remi Collet <rcollet>
Status: CLOSED WONTFIX QA Contact: RHEL Stacks Subsystem QE <rhel-stacks-subsystem-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.1CC: jorton, malonso, rcollet
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-11 12:04:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Neal Gompa 2019-05-28 11:48:07 UTC
Description of problem:
The PHP stack in RHEL 8 has libargon2 and libsodium support disabled, which severely cripples or breaks the ability for PHP web applications to do secure password hashing, among other things.

For example, Symfony-based web applications based on Symfony 3.4 can and will use argon2i algorithms[1], and Symfony-based web applications based on Symfony 4.3 can and will use sodium for this[2].

Please reconsider and enable support for argon2 and sodium in PHP.

[1]: https://symfony.com/blog/new-in-symfony-3-4-argon2i-password-hasher
[2]: https://symfony.com/blog/new-in-symfony-4-3-sodium-password-encoder

Version-Release number of selected component (if applicable):
7.2.11-1.el8

Comment 1 Joe Orton 2019-06-28 13:07:40 UTC
We are not planning to add additional cryptography libraries into RHEL, sorry.

Comment 4 Joe Orton 2019-11-11 12:04:19 UTC
We are not planning to support additional cryptography libraries in RHEL, hence sodium/argon support will remain disabled in PHP.