[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
WordPress Trac
noreply at wordpress.org
Wed Mar 30 12:29:39 UTC 2016
#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
--------------------------+------------------------
Reporter: reidbusi | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: HTTP API | Version: 4.4.2
Severity: major | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Comment (by reidbusi):
Replying to [comment:19 mikejolley]:
Glad to see that Mike, but in my testing I found that wp-cron will
interfere with the $url parameter provided by the http_api_curl action. So
one needs to examine the curl handle itself to determine which connection
is currently being made by curl.
Also my host's current setup cannot negotiate TLS connections (as well in
testing on my host I found the defines for CURLOPT_SSLVERSION were not
available and the integer values must be used [i.e. 6 instead of
CURL_SSLVERSION_TLSv1_2]), so I'm pretty confident that your commit will
not work on my host (Hostgator).
>The PHP binaries on our shared hosting servers are linked against the
system libraries and utilize an older library that does not auto-negotiate
SSL connections with other servers. This is expected to be fixed in CentOS
version 6.8, which our servers will automatically update to once the
release is pushed. You can see more about the bug report here:
https://bugzilla.redhat.com/show_bug.cgi?id=1289205 . We're hopeful that
CentOS 6.8 should be released within the next few months.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36320#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list