From dc193bd914e6c9cd3d0d1df7e171d38e8da407e5 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Thu, 11 Dec 2014 21:35:04 +0100
Subject: prefer TLS for SSL Tunnel connections #915

---
 inc/HTTPClient.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'inc/HTTPClient.php')

diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php
index 2e991b52f..4112932c4 100644
--- a/inc/HTTPClient.php
+++ b/inc/HTTPClient.php
@@ -589,7 +589,13 @@ class HTTPClient {
 
         $this->_debug('SSL Tunnel Response',$r_headers);
         if(preg_match('/^HTTP\/1\.[01] 200/i',$r_headers)){
-            if (stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {
+            // Try a TLS connection first
+            if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+                $requesturl = $requestinfo['path'];
+                return true;
+            }
+            // Fall back to SSLv3
+            if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {
                 $requesturl = $requestinfo['path'];
                 return true;
             }
-- 
cgit v1.2.3