[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed

WordPress Trac noreply at wordpress.org
Mon Apr 4 17:34:59 UTC 2016


#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
--------------------------+------------------------
 Reporter:  reidbusi      |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  HTTP API      |     Version:  4.4.2
 Severity:  major         |  Resolution:  duplicate
 Keywords:                |     Focuses:
--------------------------+------------------------

Comment (by reidbusi):

 Replying to [comment:26 mikejolley]:

 I see the current code in Woo master tree is using the integer value of
 the constant now, but you might as well just set it to 6, since it is only
 affecting paypal the way you have it written, and paypal will not allow
 anything other than TLS 1.2 (currently on sandbox and also on live as of
 June 17th).

 So there is no sense in allowing negotiation, it is detrimental, as some
 hosts (like mine) cannot do the negotiation anyway.

 Basically, paypal is only allowing TLS 1.2 so there is no sense setting it
 to 1 which is more likely to fail, when you can just set it to six which
 is required anyway.

 Just my thoughts.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36320#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list