[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
WordPress Trac
noreply at wordpress.org
Thu Mar 24 14:04:55 UTC 2016
#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
--------------------------+------------------------
Reporter: reidbusi | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 4.4.2
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Comment (by SergeyBiryukov):
> WordPress functions, as called by WooCommerce default to using curl with
HTTP/1.0 and TLS 1.0. These defaults need to be changed.
As far as I can see,
[https://plugins.trac.wordpress.org/browser/woocommerce/tags/2.5.5/includes/gateways/paypal/includes
/class-wc-gateway-paypal-ipn-handler.php?marks=83#L69 WooCommerce does set
httpversion to 1.1] for PayPal requests.
It does not set `CURLOPT_SSLVERSION` at the moment, but the
[https://developer.wordpress.org/reference/hooks/http_api_curl/
http_api_curl] filter can be used for that.
This appears to be a WooCommerce issue, I don't see why WordPress core
defaults need to be changed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36320#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list