This is not a bug; it’s just a question/suggestion.
Why is Laravel still using OpenSSL for encryption/decryption? PHP 7.2 introduced the Sodium extension, which provides a simpler, more modern, and secure way to handle encryption. With Laravel 11 requiring PHP 8.1 as the minimum version, it seems like a great opportunity to introduce Sodium as an option for encryption.
Suggestion:
Laravel 11: Add Sodium as an optional encryption engine, allowing developers to start using it right away.
Laravel 12+: Make Sodium the default encryption engine, while still keeping OpenSSL as a fallback for backward compatibility.
Modern API: Sodium offers a simpler and less error-prone interface compared to OpenSSL.
Security: Sodium is designed with modern cryptographic best practices in mind and is less prone to misuse.
Performance: Sodium is optimized for modern hardware and provides better performance in many scenarios.
If this suggestion is given the green light, I’d be happy to prepare a pull request to add Sodium support to Laravel. Please let me know your thoughts or if there’s already a roadmap for this feature.
Steps To Reproduce
No need to reproduce. It's not a bug (see description).
Laravel Version
11
PHP Version
8.3
Database Driver & Version
No response
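To make the API comparison in the suggestion concrete, the following added example (not code from the issue author or from Laravel) puts a hand-built OpenSSL encrypt-then-MAC next to Sodium's single authenticated primitive. The function names are hypothetical, AES-256-CBC with HMAC-SHA256 is assumed as a typical OpenSSL construction, and the OpenSSL route assumes a 64-byte key split into a cipher half and a MAC half.

```php
<?php
// OpenSSL route: the caller assembles encrypt-then-MAC by hand.
function openssl_seal(string $plain, string $key): string
{
    [$encKey, $macKey] = str_split($key, 32);   // assumed 64-byte key: cipher half, MAC half
    $iv = random_bytes(16);                     // AES block size
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('OpenSSL encryption failed');
    }
    return $iv . hash_hmac('sha256', $iv . $ct, $macKey, true) . $ct;
}
function openssl_open(string $blob, string $key): string
{
    [$encKey, $macKey] = str_split($key, 32);
    [$iv, $mac, $ct] = [substr($blob, 0, 16), substr($blob, 16, 32), substr($blob, 48)];
    // Verify the MAC first, in constant time; only then decrypt.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('MAC check failed');
    }
    $plain = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('OpenSSL decryption failed');
    }
    return $plain;
}

// Sodium route: one authenticated primitive; the nonce is the only extra input.
function sodium_seal(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plain, $nonce, $key);
}
function sodium_open(string $blob, string $key): string
{
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($blob) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        throw new RuntimeException('payload too short');
    }
    $plain = sodium_crypto_secretbox_open(substr($blob, $n), substr($blob, 0, $n), $key);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Constructed sample input: round-trip through both routes.
$k64 = random_bytes(64);
$k32 = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
var_dump(openssl_open(openssl_seal('demo', $k64), $k64), sodium_open(sodium_seal('demo', $k32), $k32));
```

Changing any byte of either sealed blob makes the matching open function throw. The OpenSSL route only gets that property because the MAC covers the IV and ciphertext and is checked before decryption.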