hps / heartland-php

Heartland Payment Systems Payment Gateway PHP SDK
https://developer.heartlandpaymentsystems.com/SecureSubmit/
GNU General Public License v2.0

CentOS 6.7 curl version 7.19.7 SSL Handshake Issue #17

Closed jalder closed 6 years ago

jalder commented 8 years ago

The latest version of curl available on a base CentOS 6.7 (using epel repo) is version 7.19.7. I am receiving an SSL error using curl from cli for the webserver.

Example:

# curl -v [redacted heartland api url]
* About to connect() to [redacted] port 443 (#0)
*   Trying [redacted]... connected
* Connected to [redacted] ([redacted]) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5938
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

This is causing an error when attempting to run a transaction: HpsGatewayException in HpsGatewayServiceAbstract.php line 86: Unexpected response (SSL connect error).

Specifying the CURLOPT_SSLVERSION to 6 (which equates to constant CURL_SSLVERSION_TLSv1_2) corrects the issue (in src/Abstractions/HpsGatewayServiceAbstract.php).

I understand that this is an issue with the version of curl provided in CentOS 6.7 (packages are all up to date at time of testing).

Would you prefer to not address this issue in the library for web hosts running CentOS 6.7 and have us fork this library (or require that web hosts using this build a newer version of curl/nss from source) or patch this PHP library to specify the TLS version?

peledies commented 6 years ago

I'm having the same issue. I like the way Stripe handles the ability to extend the http client request.

\Stripe\ApiRequestor::setHttpClient(
    new \Stripe\HttpClient\CurlClient(
        [ CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2 ]
    )
);

That's probably just one of the reasons developers prefer it over the old dinosaurs. Having to fork this repo to fix a basic security issue shouldn't be the only option.

slogsdon commented 6 years ago

@jalder Deepest apologies for never circling back here. We ended up pushing an update to allow custom Curl options to be set (see be2afe1bb4514931e9ce3faa52347eeff4c7bff6).

@peledies We offer the same ability in our SDK, just in a different form:

$config = new ServicesConfig();
// set credentials
$config->curlOptions = array(
    CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2, // or 6
);

$service = new HpsCreditService($config);

Please let us know if there are any questions/concerns.
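
As an added example (not code from the SDK or from any commenter in this thread), the helper below shows one way to build the array assigned to `$config->curlOptions`: it pins TLS 1.2, warns when libcurl predates 7.34.0 (where upstream introduced the TLS 1.2 selector), and rejects options that would disable certificate verification. `buildCurlOptions` is a hypothetical name, the version data is a constructed sample, and the PHP curl extension is assumed to be loaded.

```php
<?php
// Added example (not SDK code): build and sanity-check the array that is
// assigned to $config->curlOptions.

/**
 * @param array $info  Output of curl_version(), or a constructed equivalent.
 * @param array $extra Caller-supplied cURL options to merge in.
 * @return array [options, warnings]
 */
function buildCurlOptions(array $info, array $extra = array())
{
    // The named constant is missing on older PHP builds; its value is 6.
    $tls12 = defined('CURL_SSLVERSION_TLSv1_2') ? CURL_SSLVERSION_TLSv1_2 : 6;
    $warnings = array();

    $backend = isset($info['ssl_version']) ? (string) $info['ssl_version'] : '';
    $version = isset($info['version']) ? (string) $info['version'] : '0';
    if ($backend === '') {
        throw new RuntimeException('libcurl reports no TLS backend');
    }
    // Upstream libcurl gained the TLS 1.2 selector in 7.34.0; older distro
    // builds only honour it if the vendor backported support.
    if (version_compare($version, '7.34.0', '<')) {
        $warnings[] = "libcurl $version ($backend): TLS 1.2 pin relies on a vendor backport, test a handshake";
    }
    // Refuse options that would switch certificate checks off.
    if (isset($extra[CURLOPT_SSL_VERIFYPEER]) && !$extra[CURLOPT_SSL_VERIFYPEER]) {
        throw new InvalidArgumentException('CURLOPT_SSL_VERIFYPEER must stay enabled');
    }
    if (isset($extra[CURLOPT_SSL_VERIFYHOST]) && (int) $extra[CURLOPT_SSL_VERIFYHOST] !== 2) {
        throw new InvalidArgumentException('CURLOPT_SSL_VERIFYHOST must be 2');
    }
    // The left operand of + wins on duplicate keys, so a caller cannot
    // replace the pin with a lower protocol version.
    $options = array(CURLOPT_SSLVERSION => $tls12) + $extra;
    return array($options, $warnings);
}

// Constructed sample resembling the CentOS 6.7 host in this thread.
$centos = array('version' => '7.19.7', 'ssl_version' => 'NSS/3.x (constructed)');
list($options, $warnings) = buildCurlOptions($centos, array(CURLOPT_TIMEOUT => 30));
foreach ($warnings as $w) {
    echo "warning: $w\n";
}
echo 'CURLOPT_SSLVERSION = ' . $options[CURLOPT_SSLVERSION] . "\n";
```

On a real host, pass `curl_version()` as the first argument and assign the returned options to `$config->curlOptions`.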