Quote:
Originally Posted by cflsystems
XC uses SSL 3 in these files as well
func.https_X.php
where X is libcurl, curl, openssl, ssleay
It is OFF by default but other code in XC may set it to true when used. Solution will be to find the line in the file that sets the option for SSL3 and comment it out for example in
func.https_libcurl.php there is this
PHP Code:
if ($use_ssl3) curl_setopt ($ch, CURLOPT_SSLVERSION, 3);
so just comment it out
PHP Code:
// if ($use_ssl3) // curl_setopt ($ch, CURLOPT_SSLVERSION, 3);
This is untested so make sure you do some test orders if changing it
QT can we get clarification on this and a patch for XC if possible
|
In ....ssleay.php does this line need modification, and if so, what?
Code:
$execline .= " $ui[host] $ui[port] " . ($use_ssl3 ? '1' : '0') . ' ' . func_shellquote($cert) . ' ' . func_shellquote($kcert) . ' < ' . func_shellquote($tmpfile) . ' 2>' . func_shellquote($ignorefile);
Thanks.