Title: WordPress and SSL Version Last modified: September 1, 2016 --- # WordPress and SSL Version * Resolved [David Hamel](https://wordpress.org/support/users/david-hamel/) * (@david-hamel) * [9 years, 11 months ago](https://wordpress.org/support/topic/wordpress-and-ssl-version/) * Good day all. * We are currently running a MultiNetwork / Multisite installation. Initially we had only the logon/admin area covered by SSL, but have upgraded that to include all traffic. * Over the last few months I’ve been tracking down issues with a variety of WordPress operations and plugin issues that all seemed to refer to SSL connection errors. * Some of the issues we’ve seen included: anytime we did a network upgrade after WP upgrade we would see SSL connection errors on sites Trying to use RSS feeds, we would get SSL connection errors trying to connect and pull in data etc * We are self hosted and maintain our CA through InCommon. Our security department is pretty diligent and when setting up our SSL environment, required us to only accept tlsv1.2 because of the known vulnerabilities in SSLv1-3 and TLSv1.0 & 1.1. * Through testing, I’ve found that if I lower the SSL environment to SSL V2 or 3, everything begins to work correctly in WordPress. Additionally if i go to the command line and execute curl -v [https://xyz.my.site.com](https://xyz.my.site.com) I will get an SSL error, but if I execute curl -v [https://xyz.my.site.com](https://xyz.my.site.com)- tlsv1.2 connection works fine. Unfortunately, I cannot leave this setting. * My question; Is there any way to set php/CURL to use tls1.2 automatically in WP?? * Any thoughts would be appreciated. Viewing 3 replies - 1 through 3 (of 3 total) * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [9 years, 11 months ago](https://wordpress.org/support/topic/wordpress-and-ssl-version/#post-7503506) * > We are currently running a MultiNetwork / Multisite installation. Initially > we had only the logon/admin area covered by SSL, but have upgraded that to > include all traffic. * That’s good. * > Through testing, I’ve found that if I lower the SSL environment to SSL V2 or > 3, everything begins to work correctly in WordPress. * Can you check using `openssl` like so for TLS 1.2? * ``` openssl s_client -tls1_2 -servername xyz.my.site.com -connect xyz.my.site.com :443 < /dev/null ``` * And without the `-tls1_2`. * ``` openssl s_client -servername xyz.my.site.com -connect xyz.my.site.com :443 < /dev/null ``` * You may need to add your CA root file on the command line using `-CAfile AddTrustExternalCARoot. crt` for your trusted CA to work. * When you do the second command if your web server is configured correctly then you should see `openssl` negotiate to TLS 1.2. * ``` SSL-Session: Protocol : TLSv1.2 ``` * This is just to confirm that your certs are working and your negotiation is successful for TLS 1.2. Your `curl` may not be providing an accurate picture of what’s going on. * If it looks like `openssl` is working correctly then there may be more things to try with `curl`. * Thread Starter [David Hamel](https://wordpress.org/support/users/david-hamel/) * (@david-hamel) * [9 years, 11 months ago](https://wordpress.org/support/topic/wordpress-and-ssl-version/#post-7503515) * Thanks for the thoughts. * We ran through what you suggested and the server is showing the successful connection at TLSv1.2 with the certificate and other information including cert chain, cipher, keys and session ticket info. * What we did notice is that the certificate was issued with only the wordpress DNS name. We are reissuing it as a SAN cert with both the server FQDN and wordpress DNS names included. I’m not confident that will correct the situation, but we’ll give it a try. * Any other suggestions or thoughts? * I truly appreciate your feedback. * Regards Dave * Thread Starter [David Hamel](https://wordpress.org/support/users/david-hamel/) * (@david-hamel) * [9 years, 11 months ago](https://wordpress.org/support/topic/wordpress-and-ssl-version/#post-7503518) * Well, we’ve finally had success, and it wasn’t using the SAN cert. * We used ssllabs.com to evaluate the system and altered both the cipher suite and protocols. the change allows all versions of TLS with an extended set of suites. * thanks for the assistance and comments. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘WordPress and SSL Version’ is closed to new replies. ## Tags * [curl](https://wordpress.org/support/topic-tag/curl/) * [multisite](https://wordpress.org/support/topic-tag/multisite/) * [SSL](https://wordpress.org/support/topic-tag/ssl/) * [ssl error](https://wordpress.org/support/topic-tag/ssl-error/) * [TLS](https://wordpress.org/support/topic-tag/tls/) * In: [Networking WordPress](https://wordpress.org/support/forum/multisite/) * 3 replies * 2 participants * Last reply from: [David Hamel](https://wordpress.org/support/users/david-hamel/) * Last activity: [9 years, 11 months ago](https://wordpress.org/support/topic/wordpress-and-ssl-version/#post-7503518) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics