add support for TLSv1.3 to WP Widget WP RSS

[bummtschak]

This is about the WP RSS Widget, e.g. found in WPBakery in the WordPress Widgets sections. So I hope core is the correct location to file this feature request.

The widget does currently only support TLSv1.2 it seems. When using a Feed URL which goes to a server supporting only TLSv1.3 this will result in the widget throwing wild errors.

Ideally TLSv1.3 support would be added to WP RSS widget so that users don't run into issues when using current TLS version.

A workaround is for the server to allow TLSv1.2, but that is not a great solution.

Thank you for taking this into consideration.

[johnbillion]

What is the error that you're seeing in the widget @bummtschak? There shouldn't be anything inherent in this widget that means it doesn't support TLS 1.3, so any further details you can provide would help.

[bummtschak]

Thanks for responding. The error shown by the widget was:

RSS Error: WP HTTP Error: cURL error 35: OpenSSL/1.0.2k-fips: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Activating TLSv1.2 on the server from which the RSS feed was coming resolved that error.

[johnbillion]

@bummtschak The problem here is that openssl 1.0.2k is very outdated and doesn't support TLS 1.3. This isn't anything specific to the RSS widget. You'll need to speak to your web host about updating to a newer version. Good luck!

[bummtschak]

Will do - thanks for your feedback on this and looking into the error. Sorry for the false alarm. I had done some debugging with the server admin but obviously with the wrong focus on TLS and not SSL.