omise / omise-php

Omise PHP library
https://docs.opn.ooo
MIT License
67 stars 41 forks source link

omise-php should set CURLOPT_SSLVERSION to prevent TLS 1.1 request on some platform. #79

Open sfalpha opened 6 years ago

sfalpha commented 6 years ago

Some Linux server (Esp. RHEL and CentOS 6.5 till 6.7) are support TLS 1.2 but CURL library is not default to use TLS 1.2 to connect by default.

This result in those server that use omise-php library will trying to connect omise server using outdated TLS 1.1 version which Omise does not support since June 2018.

So I suggest omise-php to update CURL code to set CURLOPT_SSLVERSION to force TLS 1.2. And if system is really not support TLS 1.2 they will emit errors instead of still connect using TLS 1.1.

This similiar fixed already applied in Paypal Braintree-SDK a while ago to force TLS 1.2 when they depecreated old TLS version.

Refer to braintree-php https://github.com/braintree/braintree_php/issues/160

aashishgurung commented 1 year ago

Thanks for raising this. We have added this to our backlog and let you know once it's been done.