Use tlsv1 with PhantomJS

[erwan]

PhantomJS uses SSLv3 by default, but because of the POODLE exploit this is massively removed from projects.

ariya/phantomjs#12655

It is possible to workaround by passing "--ssl-protocol=tlsv1" to PhantomJS.

Maybe gulp-qunit could either include this parameter, or make it an option?

[erwan]

This appears to be fixed in PhantomJS 1.9.8 (tlsv1 is now the default), so just bumping the dependency should be enough.

[jonkemp]

Ok, if I bump the dependency, do you still want to include your pull request?

[erwan]

Well, first you need to wait for the NPM wrapper to include the latest PhantomJS release:
https://github.com/Medium/phantomjs

As soon as it's all upgraded I will no longer need it, so I don't mind if you don't include the pull request.

It depends if you think it can be useful for other PhantomJS options or not:
http://phantomjs.org/api/command-line.html

[jonkemp]

According to that the version of the package is in line with what PhantomJS version is being used. It's currently 1.9.11.

https://github.com/Medium/phantomjs#versioning

[erwan]

Actually the versioning of the npm wrapper is a bit confusing, but version 1.9.11 of the NPM wrapper released one week ago includes PhantomJS 1.9.7:
https://github.com/Medium/phantomjs/tree/v1.9.11

The latest PhantomJS version is 1.9.8, released yesterday:
https://github.com/ariya/phantomjs/releases

[jonkemp]

Ok I created an issue for this over there. But i'll probably accept your patch anyway. Thanks!

[erwan]

Thank you!