[wp-trac] [WordPress Trac] #34924: Network upgrade fails on tls 1.2 only servers
WordPress Trac
noreply at wordpress.org
Wed Dec 9 21:08:19 UTC 2015
#34924: Network upgrade fails on tls 1.2 only servers
--------------------------+------------------------------
Reporter: mensmaximus | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version: 4.4
Severity: normal | Resolution:
Keywords: | Focuses: multisite
--------------------------+------------------------------
Comment (by jeremyfelt):
Replying to [comment:2 mensmaximus]:
> From my point of view it would not hurt if WordPress HTTP API would
operate with TLS by default setting CURLOPT_SSLVERSION to
CURL_SSLVERSION_TLSv1 because it will auto-negotiate between all available
TLS versions and choose the highest available. In addition from cURL 7.39
on SSLv3 is disabled by default.
I like this idea in general. Is there anything that wouldn't be compatible
with it? These
[https://securitypitfalls.wordpress.com/2015/12/07/november-2015-scan-
results/ scan stats] show 98.9% of servers supporting TLS1.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34924#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list