[Tickets #13251] Free/Busy URL Request (CURL + SSL)
noreply at bugs.horde.org
noreply at bugs.horde.org
Fri Jun 6 02:54:19 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/13251
------------------------------------------------------------------------------
Ticket | 13251
Created By | tyler.parsons-horde at dynamicpulse.com
Summary | Free/Busy URL Request (CURL + SSL)
Queue | Kronolith
Version | 4.2.0beta2
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
tyler.parsons-horde at dynamicpulse.com (2014-06-06 02:54) wrote:
Hello,
I recently shored up our SSL implementation on apache with the
following options:
SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
Then I began noticing that Kronolith requests for free/busy URL
information began to fail. I think I've managed to trace the
accessibility error back to the following class
./pear/php/Horde/Http/Request/Curl.php. Adding the following option
seems to rectify the accessibility issue and Free/Busy URL requests
are now succeeding:
curl_setopt($curl, CURLOPT_SSLVERSION, 3);
I know my workaround is not a good solution and was wondering if
adding support for a fall-through like solution would be desirable?
Perhaps higher SSL versions are tried first within the CURL class, and
if they fail the class could then fall back to older implementations.
I appreciation your feedback.
More information about the bugs
mailing list