WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 2 years ago

#47162 closed enhancement (invalid)

cURL cipher list

Reported by: jasonmader Owned by:
Milestone: Priority: normal
Severity: minor Version: 5.1.1
Component: External Libraries Keywords:
Focuses: Cc:

Description

If the PHP cURL plugin doesn't read a .curlrc from anywhere to set ciphers and I haven't been able to find that it does, it would be nice if Requests/Transport/cURL.php could set the cipher list from some configurable option,

<?php
curl_setopt( $this->handle, CURLOPT_SSL_CIPHER_LIST, $options['cipher_list'] );

It’ll vary by system, but the default cURL/SSL cipher list is pretty clunky and may unexpectedly contain some poor ciphers, here's an example of the default list,

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:0x00a5:DHE-DSS-AES256-GCM-SHA384:0x00a1:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:0x0069:0x0068:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:0x0037:0x0036:0x0088:0x0087:0x0086:0x0085:0xc032:0xc02e:0xc02a:0xc026:0xc00f:0xc005:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:0x0084:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:0x00a4:DHE-DSS-AES128-GCM-SHA256:0x00a0:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:0x003f:0x003e:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:0x0031:0x0030:0x009a:0x0099:0x0098:0x0097:0x0045:0x0044:0x0043:0x0042:0xc031:0xc02d:0xc029:0xc025:0xc00e:0xc004:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:0x0096:0x0041:0x0007:0xc012:0xc008:0x0016:0x0013:0x0010:0x000d:0xc00d:0xc003:0x000a:TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Change History (1)

#1 @dd32
2 years ago

  • Component changed from Security to External Libraries
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi @jasonmader,

The Requests library is an external project which is shipped with WordPress, any bugs/enhancements for it should be reported directly to the Github project.

Given the minor nature of this issue, and that it's in an external library, I'm going to close this ticket out for now but encourage you to report it upstream.

Note: See TracTickets for help on using tickets.