[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
WordPress Trac
noreply at wordpress.org
Sat Apr 23 14:31:44 UTC 2016
#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
--------------------------+------------------------
Reporter: reidbusi | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: HTTP API | Version: 4.4.2
Severity: major | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Comment (by reidbusi):
I went ahead and created a tool that should be able to deal with this in
most situations and be helpful for diagnostics. It is not a plugin for
non-technical users. As mentioned in the description it is intended to be
for "advanced users, site administrators and developers", though a clever
user could be instructed how to use it. I may add further instruction to
the description intended for average users, such as example options for
services like Paypal and Moneris or perhaps pre-made rule-sets to be
configured at the press of a button.
https://wordpress.org/plugins/reid-plugins-curl-options/
The most interesting thing that I learned in the production of this plugin
is that '''cURL can be built with NSS instead of OpenSSL''' (as is the
case on the server I am using at my current host): PHP/5.4.45 - cURL/
7.19.7 - NSS/3.19.1.
I suspect that this fact may explain a lot of the confusion about this
issue and the behaviour observed on various servers as discussed above and
in the other ticket.
The other interesting thing to note is that some constant defines such as
CURL_SSLVERSION_TLSv1_2 has
only been available since PHP 5.5.19 and 5.6.3, though the integer value
does work on my servers setup. This is all mostly described in the plugin
description.
The other complication is cipher names, cipher suite strings and their
formats, it will be difficult to automate the determination of available
ciphers on a server, if possible at all.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36320#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list