Categories
WordPress

Does cURL have POODLE?

同一記事の日本語版
Update information      Edit(Oct.26)

   I wrote about “POODLE” issue on the last post. After that, I suddenly got worried about cURL on WordPress because I read SSLv3 fallback attack POODLE.

   Though I found a following option at curl_setopt,
curl_setopt( $handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
I couldn’t get where I should add it among WordPress Core Scripts. So, I made a topic on WordPress Forums…I’m waiting answers.

Edit(Oct.26):
   I just made the topic [resolved]. Because I got the result that my cURL exactly uses TLSv1.2 by %{SSL_PROTOCOL} on the Apache log. I don’t need CURL_SSLVERSION_TLSv1 on the file class-http.php. If the SSL sever has appropriate configurations, clients can access it safely if their software components have the abilities required.

   Clap clap, (*´▽`*).

Leave a Reply

Your email address will not be published. Required fields are marked *