I wrote about “POODLE” issue on the last post. After that, I suddenly got worried about cURL on WordPress because I read SSLv3 fallback attack POODLE.
Though I found a following option at curl_setopt,
curl_setopt( $handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
I couldn’t get where I should add it among WordPress Core Scripts. So, I made a topic on WordPress Forums…I’m waiting answers.
Edit(Oct.26):
I just made the topic [resolved]. Because I got the result that my cURL exactly uses TLSv1.2 by %{SSL_PROTOCOL} on the Apache log. I don’t need CURL_SSLVERSION_TLSv1 on the file class-http.php. If the SSL sever has appropriate configurations, clients can access it safely if their software components have the abilities required.
Clap clap, (*´▽`*).