[wp-trac] [WordPress Trac] #34924: Network upgrade fails on tls 1.2 only servers
WordPress Trac
noreply at wordpress.org
Mon Jul 16 19:56:09 UTC 2018
#34924: Network upgrade fails on tls 1.2 only servers
--------------------------+------------------------------
Reporter: mensmaximus | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version: 2.7
Severity: normal | Resolution:
Keywords: https | Focuses: multisite
--------------------------+------------------------------
Comment (by mnelson4):
an update:
WooCommerce has stopped doing what I pasted previous, as is now always
setting `CURLOPT_SSLVERSION` to 6 (CURL_SSLVERSION_TLSv1_2). See
https://github.com/woocommerce/woocommerce/blob/bfebd305654919629d5d8e32782ef0d249416991/includes
/class-wc-https.php#L133
Here's some rationale for it: https://github.com/woocommerce/woocommerce-
gateway-stripe/issues/45#issuecomment-248846989
We found on https://github.com/eventespresso/event-espresso-core/pull/581
when CURL on 7.29 and openSSL on 1.0.1e, setting `CURLOPT_SSLVERSION` to 1
actually CAUSED TLS/SSL handshake to fail. (I think that's because that
version of CURL was instructing openSSL to use TLS1.0 by providing the
argument `-tls1`, which would fail when communicating with servers
requiring TLS1.2 or higher).
On the other hand, leaving `CURLOPT_SSLVERSION` as the default, or setting
it to 6, resolved the issue. (I think ommitting `CURLOPT_SSLVERSION`
worked because it allowed openSSL to negotiate the TLS/SSL version. Using
6 also worked because that version of CURL didn't know how to handle it,
and so passed nothing and was equivalent to not specifying
`CURLOPT_SSLVERSION` at all.)
So in summary: setting `CURLOPT_SSLVERSION` to 1 seems to help for some
versions (Eg 7.29) of CURL when communicating with servers only supporting
TLS 1.2, but can cause problems for other versions (eg 7.24).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34924#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list