Opened 6 years ago
Closed 5 years ago
#47162 closed enhancement (invalid)
cURL cipher list
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | minor | Version: | 5.1.1 |
| Component: | External Libraries | Keywords: | |
| Focuses: | | Cc: | |
Description
If the PHP cURL plugin doesn't read a .curlrc from anywhere to set ciphers, and I haven't been able to find that it does, it would be nice if Requests/Transport/cURL.php could set the cipher list from some configurable option:

```php
<?php curl_setopt( $this->handle, CURLOPT_SSL_CIPHER_LIST, $options['cipher_list'] );
```

It'll vary by system, but the default cURL/SSL cipher list is pretty clunky and may unexpectedly contain some poor ciphers. Here's an example of the default list:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:0x00a5:DHE-DSS-AES256-GCM-SHA384:0x00a1:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:0x0069:0x0068:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:0x0037:0x0036:0x0088:0x0087:0x0086:0x0085:0xc032:0xc02e:0xc02a:0xc026:0xc00f:0xc005:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:0x0084:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:0x00a4:DHE-DSS-AES128-GCM-SHA256:0x00a0:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:0x003f:0x003e:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:0x0031:0x0030:0x009a:0x0099:0x0098:0x0097:0x0045:0x0044:0x0043:0x0042:0xc031:0xc02d:0xc029:0xc025:0xc00e:0xc004:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:0x0096:0x0041:0x0007:0xc012:0xc008:0x0016:0x0013:0x0010:0x000d:0xc00d:0xc003:0x000a:TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Hi @jasonmader,

The Requests library is an external project which is shipped with WordPress; any bugs/enhancements for it should be reported directly to the GitHub project.

Given the minor nature of this issue, and that it's in an external library, I'm going to close this ticket out for now but encourage you to report it upstream.
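
One way to build a value for the `cipher_list` option proposed in the ticket, as an added example (not code from WordPress or the Requests library): it reduces an OpenSSL-style list to forward-secret AEAD suites before handing it to `CURLOPT_SSL_CIPHER_LIST`. The function name `audit_cipher_list` and the filtering policy are assumptions, and `$options['cipher_list']` is the reporter's hypothetical option, not an existing Requests setting.

```php
<?php
/**
 * Split an OpenSSL-style, colon-separated cipher list into suites that offer
 * forward secrecy (ECDHE/DHE) with an AEAD mode (GCM), and everything else.
 * Returns [kept suites, dropped suite => reason]. Hypothetical helper.
 */
function audit_cipher_list(string $list): array
{
    $kept = [];
    $dropped = [];
    foreach (array_filter(array_map('trim', explode(':', $list)), 'strlen') as $suite) {
        if (preg_match('/^0x[0-9a-f]{4}$/i', $suite)) {
            $dropped[$suite] = 'unnamed hex code point';
        } elseif (substr($suite, -5) === '_SCSV') {
            $dropped[$suite] = 'signalling value, not a cipher';
        } elseif (!preg_match('/^(ECDHE|DHE)-/', $suite)) {
            $dropped[$suite] = 'no forward secrecy (static RSA key exchange)';
        } elseif (strpos($suite, '-DSS-') !== false) {
            $dropped[$suite] = 'DSS authentication';
        } elseif (strpos($suite, '-GCM-') === false) {
            $dropped[$suite] = 'CBC mode, not AEAD';
        } else {
            $kept[] = $suite;
        }
    }
    return [$kept, $dropped];
}

// Constructed sample: a short excerpt of the default list quoted in the ticket.
$default = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:0x00a5:'
    . 'DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:AES256-SHA:'
    . 'ECDHE-ECDSA-AES128-GCM-SHA256:TLS_EMPTY_RENEGOTIATION_INFO_SCSV';

[$kept, $dropped] = audit_cipher_list($default);
foreach ($dropped as $suite => $why) {
    printf("drop %-36s %s\n", $suite, $why);
}
$options = ['cipher_list' => implode(':', $kept)]; // hypothetical option from the ticket
echo "keep {$options['cipher_list']}\n";

if (function_exists('curl_init') && $options['cipher_list'] !== '') {
    $handle = curl_init();
    // This option governs TLS 1.2 and below. With the OpenSSL backend an
    // unusable list is reported at curl_exec() as error 59 (CURLE_SSL_CIPHER),
    // so check curl_errno() after the request rather than this return value.
    curl_setopt($handle, CURLOPT_SSL_CIPHER_LIST, $options['cipher_list']);
}
```

Suite names depend on the TLS backend libcurl was built against, so a list written with OpenSSL names should be checked against the backend actually in use on the host.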