XF 1.5 Unexpected TLS warning?

[wyze]

Hi there, we are getting the warning message that TLS 1.2 libraries are not on our server. Our server guys responded after checking confirming that TLS 1.2 is supported. We even have an SSL certificate installed for the site Xenforo is running on.

NB: SSL3 is disabled due to the poodle attack issue as it is on most responsibly managed servers.

They asked me to check..

Are you using CURL in your script? If so, you need to ensure you enable TLS 1.2 in the configuration file:

https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html

If you are not using CURL, then this issue is likely with it's equivalent. The server itself is configured to use TLS 1.2 with SSLv3 disabled.
​

This is all way over my very low head! Any ideas or suggestions?

 

[Snog]

@wyze What version of cURL are you using?

Go to admin->tools and add phpinfo to the link to view that.

If your cURL version is prior to 7.10, that may be the problem with the test.

 

[wyze]

cURL Version 7.38.0

Other possible relevant settings shown under this are...
SSL Yes
SSPI No
TLS-SRP No
SSL Version OpenSSL/1.0.1e

 

[Mike]

We've seen this error triggered unexpected because of an add-on that relates to user upgrades. I would confirm the issue with all add-ons disabled.

 

[wyze]

Hi Mike, I only have 5 addons and it still persists with them disabled.

 

[Mike]

If you submit a ticket with FTP and ACP access, I'll have a look to see if I can determine what's going on.

 

[Snog]

Out of curiosity, was this ever solved and what was the problem?

 

[Paul B]

A ticket hasn't been submitted (yet).

 

[wyze]

Mike told me "The specific error is "curl_exec() has been disabled for security reasons". This is actually because curl_exec (and curl_multi_exec) are in your disable_functions list in php.ini. Enabling this should sort the issue."

Thanks mike, I have removed curl_exec() from the disabled functions list and the TLS warning is no longer appearing.

Very impressed by the fast response and resolution.