Support » Plugin: WooCommerce Stripe Payment Gateway » Stripe Moving to TLS1.2 — Will it still work?

Viewing 6 replies - 1 through 6 (of 6 total)
  • danieldudzic

    (@danieldudzic)

    Automattic Happiness Engineer

    Hi Robert!

    We have been working with Stripe on the best way to handle this for a few months now.

    Here’s a quote from the Stripe developer:

    Trying to set the appropriate CURLOPT_SSLVERSION option based on OPENSSL_VERSION_NUMBER has caused issues for some of our users. After looking at a lot of different systems and configurations, we’ve decided that the best course of action is to follow the advice from PHP’s documentation:

    Your best bet is to not set this and let it use the default.

    and provide a way for our users to manually set CURLOPT_SSLVERSION themselves if they need to.

    For more information, see the PR here: stripe/stripe-php#299.

    I hope this helps!

    Please let us know if you have any further questions.

    Cheers!
    Danny – WooCommerce Support

    Hi Danny,

    Thanks for your reply.

    So, you will be providing a way in the plugin, before January, to expose the ability to force TLS1.2 as per this part of the stripe-php readme:

    https://github.com/stripe/stripe-php#ssl--tls-compatibility-issues

    Do I understand that correctly? Some checkbox or setting in the WP Admin preferences for the plugin that will let us do this?

    Otherwise, we would have to modify the plugin code ourselves to force this change (and maintain it as a patch to apply with each successive update). Not ideal for us or any of the countless other CentOS/RHEL users in this situation.

    Thanks for your help.

    Best,
    Robert

    Hi Danny,

    I also note here:

    https://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.8#line-76

    that “TLS 1.2 has been enabled by default in various packages” — whether the standard cURL/OpenSSL package is among them I am not sure yet. I will do some testing.

    Best,
    Robert

    Hi Danny,

    My tests on CentOS 6.8 so far reveal that cURL with OpenSSL is using TLS1.2 by default without having to explicitly set it.

    Best,
    Robert

    danieldudzic

    (@danieldudzic)

    Automattic Happiness Engineer

    Hi Robert!

    If my understanding is correct, you have to make sure your server is running TLS 1.2 – and the extension will work fine.

    If you don’t meet the TLS 1.2 requirement, the extension won’t work.

    Please let us know if you have any further questions.

    Hi Daniel,

    Responding here in case it helps someone else during a search for more information.

    To say that “your server is running TLS 1.2 – and the extension will work fine” is a great oversimplification of the problem. 🙂

    CentOS 6.8 was running TLS 1.2, but cURL was not using TLS 1.2 as the default. As of the latest point-release update, it is defaulting to TLS 1.2. So, there is no further action required. Previously, to get TLS 1.2 to work, some version of the code change I posted at the top of this message was required.

    Hopefully this helps anyone else on a system using back-ports to ensure security and lock versions of software (RHEL, CentOS) in case they have TLS 1.2 installed but not being used as the cURL default.

    I will close this for now, since our own issue is resolved.

    Best,
    Robert
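
The distinction drawn in this thread (TLS 1.2 installed versus TLS 1.2 being what cURL picks by default) can be checked from PHP with a default request followed by one that sets CURLOPT_SSLVERSION. This is an added example, not code from the thread, the plugin or stripe-php; PROBE_URL is a placeholder for an HTTPS endpoint that refuses anything below TLS 1.2, and probe() and classify() are hypothetical helper names.

```php
<?php
// Added example. PROBE_URL is a placeholder (assumption): point it at an
// HTTPS endpoint that refuses anything older than TLS 1.2.
const PROBE_URL = 'https://tls12-only.example.test/';

// libcurl's numeric value for CURL_SSLVERSION_TLSv1_2 is 6; older PHP
// builds do not define the constant.
$TLS12 = defined('CURL_SSLVERSION_TLSv1_2') ? CURL_SSLVERSION_TLSv1_2 : 6;

// Returns the curl errno of one request (0 = handshake and request succeeded),
// or -1 if this libcurl rejects the requested CURLOPT_SSLVERSION value.
function probe($url, $sslVersion = null)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_NOBODY         => true,  // headers only
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_SSL_VERIFYPEER => true,  // keep certificate checks on
        CURLOPT_SSL_VERIFYHOST => 2,
    ));
    if ($sslVersion !== null && !curl_setopt($ch, CURLOPT_SSLVERSION, $sslVersion)) {
        curl_close($ch);
        return -1;
    }
    curl_exec($ch);
    $errno = curl_errno($ch);
    curl_close($ch);
    return $errno;
}

// Maps the two probe results onto the three situations from the thread.
function classify($defaultErrno, $forcedErrno)
{
    if ($defaultErrno === 0) {
        return 'cURL default negotiates TLS 1.2 or later: no change needed';
    }
    if ($defaultErrno !== CURLE_SSL_CONNECT_ERROR) {
        return "inconclusive (curl errno $defaultErrno): not a TLS handshake failure";
    }
    if ($forcedErrno === 0) {
        return 'TLS 1.2 available but not the cURL default: set CURLOPT_SSLVERSION';
    }
    return 'TLS 1.2 handshake fails even when forced: update cURL / the TLS library';
}

$v = curl_version();
echo "libcurl {$v['version']} / {$v['ssl_version']}\n";
$default = probe(PROBE_URL);
$forced  = $default === 0 ? 0 : probe(PROBE_URL, $TLS12);
echo classify($default, $forced), "\n";
```

Run it under the same PHP binary and user as the web server, since the CLI and the web SAPI can be linked against different cURL builds.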

  • The topic ‘Stripe Moving to TLS1.2 — Will it still work?’ is closed to new replies.