[wp-trac] [WordPress Trac] #34924: Network upgrade fails on tls 1.2 only servers
WordPress Trac
noreply at wordpress.org
Wed Dec 9 18:53:30 UTC 2015
#34924: Network upgrade fails on tls 1.2 only servers
--------------------------+------------------------------
Reporter: mensmaximus | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version: 4.4
Severity: normal | Resolution:
Keywords: | Focuses: multisite
--------------------------+------------------------------
Changes (by jeremyfelt):
* focuses: => multisite
* component: General => HTTP API
Comment:
Hi @mensmaximus, thanks for the ticket.
The option for TLSv1.2 was added to
[http://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html cURL in 7.34.0] and
to [http://curl.haxx.se/docs/ssl-compared.html OpenSSL in 1.0.1c].
I think it makes sense there would be trouble connecting to a server that
only accepted TLSv1.2 connections unless the libraries are more up to
date. Most server configurations should probably support both TLSv1.0 and
TLSv1.2 so that the client can choose. In the described scenario, Nginx
can offer TLSv1.0 and TLSv1.2 and clients such as Firefox will choose
TLSv1.2.
We don't explicitly set any `CURLOPT_SSLVERSION` in core, so cURL should
be able to make the determination itself based on the protocols available
to it and those offered by the server. The `http_api_curl` filter can be
used to set more explicit versions.
I'm not sure there's anything we can do in core directly, though I think
that filter should help.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34924#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list