From b78d7626f95d53d7aa63bc69dbef7d75c2286092 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Wed, 1 Jul 2015 02:42:05 -0600
Subject: [PATCH] When using fopen on https streams, disable weak ciphers and compression

Per recomendation of http://www.docnet.nu/tech-portal/2014/06/26/ssl-and-php-streams-part-1-you-are-doing-it-wrongtm/C0

Change-Id: I69d063ff4aa4248dd4f3d03de5a168c4b5a99c50
---
 includes/HttpFunctions.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index bbf3de6344..60196aba5b 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -971,6 +971,8 @@ class PhpHttpRequest extends MWHttpRequest {
 'ssl' => array(
 'verify_peer' => $this->sslVerifyCert,
 'SNI_enabled' => true,
+ 'ciphers' => 'HIGH:!SSLv2:!SSLv3:-ADH:-kDH:-kECDH:-DSS',
+ 'disable_compression' => true,
 ),
 );

-- 
2.20.1
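Review bot: The added `'ciphers'` string drops anonymous DH with `-ADH`, but in OpenSSL's cipher-list syntax `ADH` does not include the anonymous ECDH suites (`AECDH`), which `HIGH` can still select depending on the OpenSSL build. Those suites carry no server certificate, so the `verify_peer` setting on the line above would presumably have nothing to check if one were negotiated. Excluding `aNULL` covers both families, and `!` keeps the exclusion permanent: `'ciphers' => 'HIGH:!aNULL:!SSLv2:!SSLv3:-kDH:-kECDH:-DSS',`. Separately, `!SSLv3` in a cipher list removes the suites defined for SSLv3 rather than the protocol itself, which on older OpenSSL versions leaves only TLS 1.2 suites; a short comment above the line stating that this is intended, and why each exclusion is present, would help later maintainers. The `'ssl'` array sits inside a method that starts and ends outside the hunk, so whether peer-name checking is configured elsewhere cannot be seen from here.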