[wp-trac] [WordPress Trac] #34924: Network upgrade fails on tls 1.2 only servers
WordPress Trac
noreply at wordpress.org
Wed Dec 9 21:33:47 UTC 2015
#34924: Network upgrade fails on tls 1.2 only servers
--------------------------+------------------------------
Reporter: mensmaximus | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version: 2.7
Severity: normal | Resolution:
Keywords: | Focuses: multisite
--------------------------+------------------------------
Comment (by mensmaximus):
Replying to [comment:3 jeremyfelt]:
> I like this idea in general. Is there anything that wouldn't be
compatible with it? These
[https://securitypitfalls.wordpress.com/2015/12/07/november-2015-scan-
results/ scan stats] show 98.9% of servers supporting TLS1.
The only issue I can think of is if you explicitly choose a weak cipher
while using TLS. That would make the connect fail. But as no cipher is
chosen in the WordPress HTTP API I dont see a problem. It might be best to
reach out to plugin developers known for using the HTTP API as part of
their code to ask for testing. Maybe some of them already use the
http_api_curl filter to use TLS.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34924#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list