No ability to indicate TLS version

docusign / docusign-esign-php-client

The Official Docusign PHP Client Library used to interact with the eSign REST API. Send, sign, and approve documents using this client.

https://www.docusign.com/devcenter

MIT License

198 stars 123 forks source link

No ability to indicate TLS version #57

Closed trickeyone closed 5 years ago

trickeyone commented 6 years ago

My company was just contacted by someone from DocuSign indicating that DocuSign is moving away from TLS 1.0 to TLS1.2. However, there is no way to set this in the Configuration and no way to set it in a curl config file. Can a new config setting be introduced to allow passing the CURLOPT_SSLVERSION setting? (i.e. CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_TLSv1_2)

LarryKlugerDS commented 5 years ago

DocuSign now supports TLS v 1.1 and later. If your curl library (and associated SSL/TLS library) is up to date then your application will auto-negotiate the TLS protocol version with the server (DocuSign).

There's only a problem if the application's supported TLS versions don't overlap with the server's version.

Setting an explicit TLS version is not recommended since an old (and not updated) application might continue to use an old TLS protocol when a newer one would have been otherwise automatically used.

trickeyone commented 5 years ago

Sorry for the late reply. The reason we needed it was explicitly because the version of libcurl on the system in question was constantly defaulting to TLS 1.0. TLS 1.2 was available, but it wasn't being used. We've since upgraded the system and TLS 1.2 is being used by default, now.