I moved this site to TLS 1.3 a few weeks ago. So far, it has been working great if I use a web browser. Unfortunately, no one has updated Curl to work with TLS 1.3. The second issue is that Curl is the HTTP client library du jour for C or languages that use C’s Foreign Function Interface. Unfortunately, TLS 1.3 only breaks nearly all applications that use a web callback or WordPress’ APIs.

To add TLS 1.2 back as an option

#Add below the SSLCipherSuite for TLSv1.3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

#Add +TLSv1.2 to the end of the SSLProtocol line
SSLProtocol -all +TLSv1.3 +TLSv1.2

Leave a Reply

Your email address will not be published. Required fields are marked *