Curl test tls 1.29/6/2023 ![]() ![]() In addition from cURL 7.39 on SSLv3 is disabled by default. From my point of view it would not hurt if WordPress HTTP API would operate with TLS by default setting CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1 because it will auto-negotiate between all available TLS versions and choose the highest available. There are thousands of recommendations to stop using SSLv2 and SSLv3. ![]() ![]() Anyway helping making the web more secure should be our goal. Yes this is a cURL issue and not something related to WordPress. In my tests Firefox did not choose TLSv1.2 if the server is set to "ssl_protocols TLSv1 TLSv1.1 TLSv1.2 " and "ssl http2". I help a lot at and I see questions about error messages a lot. However most Multisite users will struggle in the first place if they come across an error telling "TCP connection reset by peer". It is great to know there is a filter and I will use it for the future. Setting CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1 solves the issue. The main issue is that although cURL 7.29 on Centos and probably RedHat do support TLSv1.2 it does not auto-negotiate. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |