[wp-trac] [WordPress Trac] #47162: cURL cipher list

WordPress Trac noreply at wordpress.org
Tue May 7 00:11:31 UTC 2019 

#47162: cURL cipher list
-------------------------+-----------------------------
 Reporter:  jasonmader   |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Security     |    Version:  5.1.1
 Severity:  minor        |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 If the PHP cURL plugin doesn't read a .curlrc from anywhere to set
 `ciphers` and I haven't been able to find that it does, it would be nice
 if **Requests/Transport/cURL.php** could set the cipher list from some
 configurable option,

 {{{#!php
 <?php
 curl_setopt( $this->handle, CURLOPT_SSL_CIPHER_LIST,
 $options['cipher_list'] );
 }}}

 It’ll vary by system, but the default cURL/SSL cipher list is pretty
 clunky and may unexpectedly contain some poor ciphers, here's an example
 of the default list,

 ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-
 AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-
 AES256-SHA:0x00a5:DHE-DSS-AES256-GCM-SHA384:0x00a1:DHE-RSA-AES256-GCM-
 SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:0x0069:0x0068:DHE-RSA-
 AES256-SHA:DHE-DSS-
 AES256-SHA:0x0037:0x0036:0x0088:0x0087:0x0086:0x0085:0xc032:0xc02e:0xc02a:0xc026:0xc00f:0xc005:AES256
 -GCM-SHA384:AES256-SHA256:AES256-SHA:0x0084:ECDHE-RSA-AES128-GCM-SHA256
 :ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-
 AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:0x00a4:DHE-DSS-
 AES128-GCM-SHA256:0x00a0:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256
 :DHE-DSS-AES128-SHA256:0x003f:0x003e:DHE-RSA-AES128-SHA:DHE-DSS-
 AES128-SHA:0x0031:0x0030:0x009a:0x0099:0x0098:0x0097:0x0045:0x0044:0x0043:0x0042:0xc031:0xc02d:0xc029:0xc025:0xc00e:0xc004:AES128
 -GCM-
 SHA256:AES128-SHA256:AES128-SHA:0x0096:0x0041:0x0007:0xc012:0xc008:0x0016:0x0013:0x0010:0x000d:0xc00d:0xc003:0x000a:TLS_EMPTY_RENEGOTIATION_INFO_SCSV

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47162>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list