Add configurable TLS version and cipher suite support

wissemnord · wissemnord · commit b9e1461f3658 · 2025-08-15T15:05:15.000+02:00
diff --git a/lib/ApiClient.php b/lib/ApiClient.php
@@ -349,6 +349,19 @@ public function callApi($resourcePath, $method, $queryParams, $postData, $header
             curl_setopt($curl, CURLOPT_PROXYUSERPWD, $this->config->getCurlProxyUser() . ':' .$this->config->getCurlProxyPassword());
         }
 
+        if ($this->config->getTlsVersion()) {
+            curl_setopt($curl, CURLOPT_SSLVERSION, $this->config->getTlsVersion());
+        }
+
+        if ($this->config->getTlsCipherList()) {
+            // use TLS 1.3 ciphers for TLS 1.3, otherwise use general SSL cipher list
+            if ($this->config->getTlsVersion() && $this->config->getTlsVersion() === CURL_SSLVERSION_TLSv1_3) {
+                curl_setopt($curl, CURLOPT_TLS13_CIPHERS, $this->config->getTlsCipherList());
+            } else {
+                curl_setopt($curl, CURLOPT_SSL_CIPHER_LIST, $this->config->getTlsCipherList());
+            }
+        }
+
         if (!empty($queryParams)) {
             $url = ($url . '?' . http_build_query($queryParams));
         }
diff --git a/lib/Configuration.php b/lib/Configuration.php
@@ -173,6 +173,20 @@ class Configuration
      */
     protected $allowEncoding = false;
 
+    /**
+     * TLS version to use for HTTPS requests
+     *
+     * @var string
+     */
+    protected $tlsVersion;
+
+    /**
+     * TLS cipher list to use for HTTPS requests
+     *
+     * @var string
+     */
+    protected $tlsCipherList;
+
     /**
      * Logging configuration
      *
@@ -572,6 +586,53 @@ public function getLogConfiguration()
         return $this->logConfig;
     }
 
+
+    /**
+     * Sets the TLS version to use for HTTPS requests
+     *
+     * @param string $tlsVersion TLS version (e.g. CURL_SSLVERSION_TLSv1_2)
+     *
+     * @return $this
+     */
+    public function setTlsVersion($tlsVersion)
+    {
+        $this->tlsVersion = $tlsVersion;
+        return $this;
+    }
+
+    /**
+     * Gets the TLS version to use for HTTPS requests
+     *
+     * @return string TLS version
+     */
+    public function getTlsVersion()
+    {
+        return $this->tlsVersion;
+    }
+
+    /**
+     * Sets the TLS cipher list to use for HTTPS requests
+     *
+     * @param string $tlsCipherList TLS cipher list
+     *
+     * @return $this
+     */
+    public function setTlsCipherList($tlsCipherList)
+    {
+        $this->tlsCipherList = $tlsCipherList;
+        return $this;
+    }
+
+    /**
+     * Gets the TLS cipher list to use for HTTPS requests
+     *
+     * @return string TLS cipher list
+     */
+    public function getTlsCipherList()
+    {
+        return $this->tlsCipherList;
+    }
+
     /**
      * Sets the HTTP Proxy Host
      *
