## Description of the need

We are seeing a new frustrated Forum post regarding the failure to get update data (https://forum.backdropcms.org/forum/not-possible-check-upgrades). This seems to come up regularly.

I experienced this issue and the problem was that Backdrop uses SSL to check for updates, and my local certificate used by stream_socket_client to make this socket connection with the server was expired. See https://forum.backdropcms.org/forum/issues-checking-updates-localhost

Other posters found similar solutions related to expired certificates. I think this is not uncommon.

## Proposed solution
Drupal 7, to this date, uses an HTTP connection to obtain the same module update information. Backdrop's defines the constant `UPDATE_DEFAULT_URL` as `https://updates.backdropcms.org/release-history`. Drupal 7 `http://updates.drupal.org/release-history`.

It seems like D8/9 does use SSL to fetch update data, but provides a `update_fetch_with_http_fallback` fallback option in settings.php.

It'd be great to have this feature added to Backdrop.

This is the D8/9 doc explanation for this setting:

```php
/**
* Fallback to HTTP for Update Manager and for fetching security advisories.
*
* If your site fails to connect to updates.drupal.org over HTTPS (either when
* fetching data on available updates, or when fetching the feed of critical
* security announcements), you may uncomment this setting and set it to TRUE to
* allow an insecure fallback to HTTP. Note that doing so will open your site up
* to a potential man-in-the-middle attack. You should instead attempt to
* resolve the issues before enabling this option.
*/
```

GitHub Link: 
https://github.com/backdrop/backdrop-issues/issues/5455
GitHub Issue #: 
5455