Last checked and updated on April 20, 2026What Is New in phpseclib 3.0
| Category | Key Changes |
|---|---|
| New Features | PHP 8.0+ requirement, OpenSSH agent forwarding, Ed25519 support, ChaCha20 encryption |
| Improvements | Faster prime generation, GCM mode support, better SSH key handling |
| Bug Fixes | SSH packet handling, key parsing, Windows compatibility fixes |
| Security | Side-channel attack prevention, constant-time algorithms |
| Deprecated | RC4 cipher, old PHP version support, certain method signatures |
Why did phpseclib 3.0 drop support for older PHP versions?
phpseclib 3.0 requires PHP 8.0 or higher. This move lets the library use modern PHP features like union types and attributes, which improve code quality and performance.
Dropping legacy support means cleaner code and fewer compatibility hacks. You'll need to upgrade your PHP environment if you're still on older versions.
What new cryptography features were added?
Version 3.0 introduces several modern crypto algorithms. Ed25519 support provides faster and more secure digital signatures compared to traditional algorithms.
ChaCha20 encryption and Poly1305 authentication offer high-performance alternatives to AES. GCM mode support enhances symmetric encryption capabilities for SSH and TLS implementations.
How does OpenSSH agent forwarding work?
The new OpenSSH agent forwarding feature allows SSH clients to use local SSH keys when connecting through intermediate servers. This eliminates the need to store private keys on jump hosts.
In practice, this means more secure SSH workflows since private keys stay on your local machine. The implementation follows the OpenSSH agent protocol specification closely.
What performance improvements were made?
Prime number generation saw significant speed boosts through optimized algorithms. This matters for Diffie-Hellman key exchange and RSA key generation operations.
SSH packet processing also got faster with reduced memory allocation overhead. These changes make sustained SSH connections and bulk data transfers more efficient.
What security enhancements were implemented?
The library now uses constant-time algorithms for cryptographic operations to prevent timing attacks. This is crucial for comparing authentication tokens and signature verification.
Side-channel resistant implementations help protect against information leakage through cache timing. Deprecated and weak ciphers like RC4 were completely removed from the codebase.
FAQ
Is phpseclib 3.0 backward compatible with 2.0?
No, it's a major breaking change. You'll need to update your code for PHP 8.0+ and address deprecated method removals.
Can I use Ed25519 keys for SSH connections?
Yes, 3.0 fully supports Ed25519 keys for both authentication and host key verification.
Does agent forwarding work on Windows?
Yes, but you'll need to run Pageant or the Windows OpenSSH agent for the key storage component.
Why was RC4 cipher removed?
RC4 is considered cryptographically weak and has been deprecated in security standards for years.
How much faster is prime generation?
Benchmarks show 2-3x improvement for common prime sizes used in SSH and TLS handshakes.