Forcing TLS 1.2 to Communicate with Remote API

I just received this notification from MailChimp.

We strongly encourage any developers who are using the MailChimp API to ensure that their software supports negotiating TLS 1.2 connections, and to coordinate with their system administrators to update software to take advantage of newer TLS versions. In addition, we recommend proactively switching over to TLS 1.2 when communicating with MailChimp’s API by modifying your API client software to enforce TLS 1.2 negotiation.

I have written some code in PHP that makes an API call to MailChimp. I'm not sure how to tell or know if I am using TLS 1.2 to communicate with their API.

How does one make sure you are or find out what protocol you are using?
Paul KonstanskiProject SpecialistAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
If you are using PHP cURL, you need to be using PHP 5.6 or newer to have the correct TLS versions available.
0
Paul KonstanskiProject SpecialistAuthor Commented:
I am using PHP 7.0 so I should be fine on that front.

So is it a setting that needs to be set? (e.g. in the php.ini or something).
Or what is it that I need to do to insure that I am using a specific TLS version?

Thanks.
0
gr8gonzoConsultantCommented:
Normally if you have a high enough version of PHP like Dave said, and you're connecting to a server that supports TLS 1.2, it should automatically choose the best protocol available on both sides (which would be TLS 1.2 as of right now).

However, if you want to FORCE your code to use TLS 1.2 and to fail if it's not available (or if you're dealing with a server that has some abnormal SSL settings), then within your code, set the curl option CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_2. That's it.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dave BaldwinFixer of ProblemsCommented:
This page shows the curl options.  http://php.net/manual/en/function.curl-setopt.php
0
Paul KonstanskiProject SpecialistAuthor Commented:
Thanks for the excellent advice. I have two servers that access MailChimp. One is running PhP 5.4, the other is running 7.0. Mailchimp is probably seeing the one running 5.4 and giving me that warning in light of that. I will be phasing out that server in the next two weeks so that should take care of it.

Thanks again. You guys are great with your advice. Keeps me coming back to Experts Exchange.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
tls/ssl

From novice to tech pro — start learning today.