Skip legacy TLS 1.0 / TLS 1.1 tests if disabled by system #229
Skip legacy TLS 1.0 / TLS 1.1 tests if disabled by system. For example, this affects a current Ubuntu 20.04 installation which appears to prohibit legacy TLS connections.
The same bug can be reproduced in curl with
$ curl -s --tlsv1 -v https://tls-v1-0.badssl.com:1010/
at the time of writing this. This seems to be addressed in curl with curl/curl#4097 and curl/curl#4304. PHP appears to apply a similar logic, but it still fails at the moment (https://github.com/php/php-src/blob/8e9bc90004f09a0d67fdac393a8f3fca904be397/ext/openssl/xp_ssl.c#L1760 vs https://github.com/ruby/openssl/blob/4b43ffc1292eeb70ff886847836e21ad96ed8796/ext/openssl/ossl_ssl.c#L162-L195). For PHP, this can be reproduced (prior to applying this patch) by running the test suite in a default Ubuntu installation (PHP 7.4.3):