diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2014-12-12 01:30:38 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2014-12-12 01:30:38 +0100 |
| commit | c05ef534171135f4252fa0feed5466a75435b97a (patch) | |
| tree | 5424048b1af89207576cec50a31ba67873607f04 /inc/HTTPClient.php | |
| parent | db0a9e62656f4b0ceff83c6b8fd55e306e496a1b (diff) | |
| download | rpg-c05ef534171135f4252fa0feed5466a75435b97a.tar.gz rpg-c05ef534171135f4252fa0feed5466a75435b97a.tar.bz2 | |
seems we need to do SSL/TLS checks the other way round
Diffstat (limited to 'inc/HTTPClient.php')
| -rw-r--r-- | inc/HTTPClient.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index c791b7f4a..76d973c38 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -592,13 +592,15 @@ class HTTPClient { // set correct peer name for verification (enabled since PHP 5.6) stream_context_set_option($socket, 'ssl', 'peer_name', $requestinfo['host']); - // Try a TLS connection first - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + // Because of older PHP versions having trouble with TLS (enable_crypto returns true, but + // the conection still borks) we try SSLv3 first + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { $requesturl = $requestinfo['path']; return true; } - // Fall back to SSLv3 - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { + + // If the proxy does not support SSLv3 we try TLS + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { $requesturl = $requestinfo['path']; return true; } |