From: Brian Wolff <bawolff+wn@gmail.com>
Date: Wed, 1 Jul 2015 08:42:05 +0000 (-0600)
Subject: When using fopen on https streams, disable weak ciphers and compression
X-Git-Tag: 1.31.0-rc.0~9441
X-Git-Url: http://git.cyclocoop.org/%22.htmlspecialchars%28%24url_syndic%29.%22?a=commitdiff_plain;h=b78d7626f95d53d7aa63bc69dbef7d75c2286092;p=lhc%2Fweb%2Fwiklou.git

When using fopen on https streams, disable weak ciphers and compression

Per recomendation of
http://www.docnet.nu/tech-portal/2014/06/26/ssl-and-php-streams-part-1-you-are-doing-it-wrongtm/C0

Change-Id: I69d063ff4aa4248dd4f3d03de5a168c4b5a99c50
---

diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index bbf3de6344..60196aba5b 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -971,6 +971,8 @@ class PhpHttpRequest extends MWHttpRequest {
 			'ssl' => array(
 				'verify_peer' => $this->sslVerifyCert,
 				'SNI_enabled' => true,
+				'ciphers' => 'HIGH:!SSLv2:!SSLv3:-ADH:-kDH:-kECDH:-DSS',
+				'disable_compression' => true,
 			),
 		);