prefer TLS for SSL Tunnel connections #915

author: Andreas Gohr <andi@splitbrain.org> 2014-12-11 21:35:04 +0100
committer: Andreas Gohr <andi@splitbrain.org> 2014-12-11 21:35:04 +0100
commit: dc193bd914e6c9cd3d0d1df7e171d38e8da407e5 (patch)
tree: d9da8404e7d9106b16914686875e49bfba146d4f /inc
parent: 1ec86040f8d873bffe71d0acacf7e9750804f0f4 (diff)
download: rpg-dc193bd914e6c9cd3d0d1df7e171d38e8da407e5.tar.gz
rpg-dc193bd914e6c9cd3d0d1df7e171d38e8da407e5.tar.bz2
1 files changed, 7 insertions, 1 deletions
diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php
index 2e991b52f..4112932c4 100644
--- a/inc/HTTPClient.php
+++ b/inc/HTTPClient.php
@@ -589,7 +589,13 @@ class HTTPClient {
 
         $this->_debug('SSL Tunnel Response',$r_headers);
         if(preg_match('/^HTTP\/1\.[01] 200/i',$r_headers)){
-            if (stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {
+            // Try a TLS connection first
+            if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+                $requesturl = $requestinfo['path'];
+                return true;
+            }
+            // Fall back to SSLv3
+            if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {
                 $requesturl = $requestinfo['path'];
                 return true;
             }
author	Andreas Gohr <andi@splitbrain.org>	2014-12-11 21:35:04 +0100
committer	Andreas Gohr <andi@splitbrain.org>	2014-12-11 21:35:04 +0100
commit	dc193bd914e6c9cd3d0d1df7e171d38e8da407e5 (patch)
tree	d9da8404e7d9106b16914686875e49bfba146d4f /inc
parent	1ec86040f8d873bffe71d0acacf7e9750804f0f4 (diff)
download	rpg-dc193bd914e6c9cd3d0d1df7e171d38e8da407e5.tar.gz rpg-dc193bd914e6c9cd3d0d1df7e171d38e8da407e5.tar.bz2