tthorp

Hi all. I’ve been dealing with this issue as well and this forum has been helpful. I’ve resolved the issue and have some info for people with the same difficulties – especially those on RedHat Linux hosting with NSS (instead of OpenSSL).
If you want to test and see what TLS version and ciphers your curl is sending to a server, you can ssh into your sending server and run this command curl https://www.howsmyssl.com/a/check This is useful for testing. Note that you can also try specifying some secure options to see if your server can send secure options, like this curl https://www.howsmyssl.com/a/check --tlsv1.2 --ciphers rsa_aes_128_sha
This seems particularly relevant for RedHat with multiple ciphers and TLS versions. It seems RedHat sends the least secure or oldest options by default.
If specifying options helps you pass the test at howsmyssl.com then you are close to a solution. You have two options:
1) figure out how to configure your server to pass the strongest TLS and ciphers by default or
2) use a plugin to inject the options into wordpress’ curl calls. The following plugin does just that.
https://ww.wp.xz.cn/plugins/reid-plugins-curl-options/
this is how I set it up:
https://snag.gy/23oGSd.jpg

Hope this helps!
-Tim