[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed

WordPress Trac noreply at wordpress.org
Wed Mar 30 15:33:19 UTC 2016


#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
--------------------------+------------------------
 Reporter:  reidbusi      |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  HTTP API      |     Version:  4.4.2
 Severity:  major         |  Resolution:  duplicate
 Keywords:                |     Focuses:
--------------------------+------------------------

Comment (by reidbusi):

 Hi Mike, thanks for the reply. Yes, I have read the other ticket and the
 discussion about negotiation of TLS versions, which is why I quoted a
 reply from my host (here it is again):

 > The PHP binaries on our shared hosting servers are linked against the
 > system libraries and utilize an older library that does not auto-negotiate
 > SSL connections with other servers. This is expected to be fixed in CentOS
 > version 6.8, which our servers will automatically update to once the
 > release is pushed. You can see more about the bug report here:
 > https://bugzilla.redhat.com/show_bug.cgi?id=1289205 . We're hopeful that
 > CentOS 6.8 should be released within the next few months.

 Also, the defines for the values of CURLOPT_SSLVERSION are missing on my
 host's setup. The integer values must be used.

 wp_cron is related, because when you test the PayPal IPN connection,
 WordPress may decide to run cron, which it appears it does through cURL,
 and when you look at the contents of the $url variable, it contains the
 cron URL (scope issue?). It will do this inconsistently (not on every
 request). This was revealed in my testing, where I was dumping variables
 with print_r() to observe what was going on. If I have time later, I can
 dig out the code I was using to test that and demonstrate it for you.
 Right now I am working on site content for a client and don't have time to
 repeat this at the moment.

 So while we are making progress here, the current commit to the woo master
 branch is still not quite there in my view.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36320#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
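
An added example, not part of the original message and not WordPress core or WooCommerce code: one way to pin TLS 1.2 through the `http_api_curl` action when the PHP build lacks the `CURL_SSLVERSION_*` constants. The function and constant names and the paypal.com host filter are assumptions made for illustration.

```php
<?php
// Added example. EXAMPLE_TLS12 and example_force_tls12_for_paypal() are
// hypothetical names, not identifiers from WordPress or WooCommerce.

// libcurl's CURL_SSLVERSION_TLSv1_2 has the integer value 6. Older PHP
// builds do not expose the constant, so fall back to the raw integer.
define(
    'EXAMPLE_TLS12',
    defined( 'CURL_SSLVERSION_TLSv1_2' ) ? CURL_SSLVERSION_TLSv1_2 : 6
);

/**
 * Pin TLS 1.2 on cURL requests to PayPal hosts only.
 *
 * The http_api_curl action fires for every request WordPress sends through
 * cURL (wp-cron spawns included), so the callback filters on the target
 * host and leaves all other requests untouched.
 *
 * @param resource $handle cURL handle (passed by reference by WordPress).
 * @param array    $r      Request arguments.
 * @param string   $url    Request URL.
 */
function example_force_tls12_for_paypal( $handle, $r, $url ) {
    $host = strtolower( (string) parse_url( $url, PHP_URL_HOST ) );

    // Assumption: only paypal.com and its subdomains need the pin.
    // '.paypal.com' is 11 characters, hence the -11 offset.
    $is_paypal = ( 'paypal.com' === $host )
        || ( '.paypal.com' === substr( $host, -11 ) );
    if ( ! $is_paypal ) {
        return;
    }

    // If the linked SSL library rejects the value, record it instead of
    // silently continuing with whatever protocol the library picks.
    if ( ! curl_setopt( $handle, CURLOPT_SSLVERSION, EXAMPLE_TLS12 ) ) {
        error_log( 'Could not set CURLOPT_SSLVERSION to TLS 1.2 for ' . $host );
    }
}
add_action( 'http_api_curl', 'example_force_tls12_for_paypal', 10, 3 );
```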

