Add curl option to encourage earlier curl versions to negotiate TLS 1.2

LeonMelis · Jan 7, 2016 · f3d8189 · f3d8189
1 parent 6e1e912
commit f3d8189
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lib/HttpClient/CurlClient.php b/lib/HttpClient/CurlClient.php
@@ -102,6 +102,13 @@ public function request($method, $absUrl, $headers, $params, $hasFile)
         if (!Stripe::$verifySslCerts) {
             $opts[CURLOPT_SSL_VERIFYPEER] = false;
         }
+        // Opt into TLS 1.x support on older versions of curl. This causes some
+        // curl versions, notably on RedHat, to upgrade the connection to TLS
+        // 1.2, from the default TLS 1.0.
+        if (!defined('CURL_SSLVERSION_TLSv1')) {
+            define('CURL_SSLVERSION_TLSv1', 1); // constant not defined in PHP < 5.5
+        }
+        $opts[CURLOPT_SSLVERSION] = CURL_SSLVERSION_TLSv1;
 
         curl_setopt_array($curl, $opts);
         $rbody = curl_exec($curl);