WordPress E-Commerce TLS 1.2 Issue on CentOS

We had this issue on one of our client sites, so we thought we’d put the solution out into the interwebs for anyone else that comes across it.

The TLS 1.2 Problem On CentOS

I ran into this error while setting up a WooCommerce shop for a client:

Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.

Many payment gateways, including PayPal and Stripe, now require TLS 1.2, which offers a higher level of security than older versions of the protocol. So, you upgrade. BOOM, done, right? Maybe not.


TLS 1.2 still not working even though it should?

So you put your site into the SSL Test and it passes with flying colors but Stripe and/or Paypal still say you’re not communicating with TLS 1.2? I straight up disabled all protocols except TLS 1.2 and somehow I was still getting that error.

I did some digging and discovered that, for whatever reason, the crypto stack on CentOS seems to default to TLS 1.0 or 1.1 – NOT 1.2.


WordPress TLS 1.2 Fix on CentOS

To force your server to use TLS 1.2, you have to set a particular option with curl_setopt() before curl_exec() is called, like this:

To do this in WordPress, we can use the http_api_curl hook:

Or you can use the newer curl.before_send if you’re on WordPress 4.6 or higher.

Unfortunately for me, when I was encountering this error WP had an issue where the http_api_curl hook wasn’t firing. This has been fixed in 4.7.
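As an added example (not code from the original post), here is a complete must-use plugin that applies the fix described above: it hooks WordPress core's http_api_curl action, which core fires with the cURL handle right before curl_exec(), and sets CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_2 on that handle. It assumes WordPress 4.7 or later (where the hook actually fires, per the note above), PHP 5.5 or later and a libcurl new enough to know the TLS 1.2 constant; the function name example_force_tls12_on_curl is an assumed name, not anything from WordPress or WooCommerce.

```php
<?php
/**
 * Plugin Name: Force TLS 1.2 for outbound WordPress HTTP API calls
 *
 * Added example, not part of the original post. Save as
 * wp-content/mu-plugins/force-tls12.php so it loads on every request.
 * Every wp_remote_get()/wp_remote_post() call that goes through the cURL
 * transport (which is how the Stripe and PayPal gateways talk to their APIs)
 * will then negotiate TLS 1.2 regardless of what the OS crypto stack
 * defaults to.
 */

// If this PHP/libcurl build does not even know the TLS 1.2 constant, the fix
// has to happen at the OS/PHP level; there is nothing WordPress can do, so
// leave the HTTP API untouched rather than break it.
if ( ! defined( 'CURL_SSLVERSION_TLSv1_2' ) ) {
	return;
}

/**
 * Pin a cURL handle to TLS 1.2 before WordPress executes it.
 *
 * Core calls this via do_action_ref_array( 'http_api_curl', ... ) with the
 * handle, the parsed request arguments and the URL, so accepted_args is 3.
 *
 * @param resource|CurlHandle $handle cURL handle about to be executed.
 * @param array               $r      Parsed arguments from wp_remote_*().
 * @param string              $url    Request URL.
 */
function example_force_tls12_on_curl( $handle, $r, $url ) { // assumed name
	// Only HTTPS requests negotiate TLS; plain HTTP handles are left alone.
	if ( 0 !== strpos( $url, 'https://' ) ) {
		return;
	}

	// Require TLS 1.2 for this connection. On older libcurl this pins the
	// exact version; on newer libcurl it is the minimum, so TLS 1.3-capable
	// servers still get 1.3.
	curl_setopt( $handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2 );
}
add_action( 'http_api_curl', 'example_force_tls12_on_curl', 10, 3 );
```

Because it lives in mu-plugins it cannot be deactivated from the dashboard, which is what you want for a setting that payment gateways depend on; if you would rather keep it inside the theme, the same add_action() call in functions.php works just as well.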