bmdennst Posted February 17, 2009 Share Posted February 17, 2009 I just receieved this notice from Authorize.net - does anyone know if oscommerce's modules for authorize.net need to be updated or enhanced? Dear Authorize.Net Developer: During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation. Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway. If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols. For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol. If you have any questions, please contact [email protected]. Quote Link to comment Share on other sites More sharing options...
soundcommerce Posted February 18, 2009 Share Posted February 18, 2009 (edited) I just receieved this notice from Authorize.net - does anyone know if oscommerce's modules for authorize.net need to be updated or enhanced? Greetings, We have plans to publish an open source module that would resolve all SSL 3.0 compatibility issues with the Authorize.Net gateway. This module will be fully compliant to PCI DSS standards. RELEASE DATE: 02/20/2009 Best Regards, Hasan Robinson Edited February 22, 2009 by Jan Zonjee Quote Link to comment Share on other sites More sharing options...
soundcommerce Posted February 19, 2009 Share Posted February 19, 2009 (edited) Greetings, The release has been published, you can download the updated module at: http://addons.oscommerce.com/info/6562 Best Regards, Hasan Robinson Edited February 22, 2009 by Jan Zonjee Quote Link to comment Share on other sites More sharing options...
jasyn Posted February 19, 2009 Share Posted February 19, 2009 (edited) so does this work with the Authorize Net AIM module (GPL) contribution? i see the only file that was contributed was the authorizenet_cc_aim.php, but the filename is different from the one provided in the Authorize Net AIM module (GPL) contribution. i'm going to have to switch from paypal to Authorize Net because paypal is hassling me with all the refunds we do (like we have control over that). i need to figure out how this is going to work. Edited February 19, 2009 by jasyn Quote Link to comment Share on other sites More sharing options...
Guest Posted February 19, 2009 Share Posted February 19, 2009 To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342): curl_setopt($curl, CURLOPT_HEADER, 0); and insert the following as a new line below that: curl_setopt($ch, CURLOPT_SSLVERSION, 3); Has anyone looked at authorizenet_aim.php (from Vger's contribution) to see what changes are needed? The CURL code is: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$url); curl_setopt($ch, CURLOPT_VERBOSE, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); $authorize = curl_exec($ch); curl_close ($ch); Quote Link to comment Share on other sites More sharing options...
Guest Posted February 19, 2009 Share Posted February 19, 2009 To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):curl_setopt($curl, CURLOPT_HEADER, 0); and insert the following as a new line below that: curl_setopt($ch, CURLOPT_SSLVERSION, 3); Has anyone looked at authorizenet_aim.php (from Vger's contribution) to see what changes are needed? The CURL code is: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$url); curl_setopt($ch, CURLOPT_VERBOSE, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); $authorize = curl_exec($ch); curl_close ($ch); BTW, my Server Info shows: Registered Stream Socket Transports tcp,udp,unix,udg,ssl,sslv3,sslv2,tls So, I'm going to guess that I'm okay (since sslv3 is listed) and that I don't need to modify authorizenet_aim.php............can anyone who knows more about this than I do (probably most of you) verify that? Quote Link to comment Share on other sites More sharing options...
mroche Posted March 4, 2009 Share Posted March 4, 2009 Ok, so I made the small change to the new auth.net ssl3 module. Just to verify: You need to "Add" this line or "change" the variable in the existing line from "$curl" to "$ch" To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342): curl_setopt($curl, CURLOPT_HEADER, 0); and insert the following as a new line below that: curl_setopt($ch, CURLOPT_SSLVERSION, 3); ----When I change to the line you have above and run a transaction, this is the error I get------------ Warning: curl_setopt(): supplied argument is not a valid cURL handle resource in cart/includes/modules/payment/authorizenet_cc_aim.php on line 343 Warning: Cannot modify header information - headers already sent by (output started at public_html/cart/includes/modules/payment/authorizenet_cc_aim.php:343) in public_html/cart/includes/functions/general.php on line 33 Any suggestions? Quote Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2009 Share Posted March 4, 2009 Ok, so I made the small change to the new auth.net ssl3 module. Just to verify: You need to "Add" this line or "change" the variable in the existing line from "$curl" to "$ch" To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342): curl_setopt($curl, CURLOPT_HEADER, 0); and insert the following as a new line below that: curl_setopt($ch, CURLOPT_SSLVERSION, 3); ----When I change to the line you have above and run a transaction, this is the error I get------------ Warning: curl_setopt(): supplied argument is not a valid cURL handle resource in cart/includes/modules/payment/authorizenet_cc_aim.php on line 343 Warning: Cannot modify header information - headers already sent by (output started at public_html/cart/includes/modules/payment/authorizenet_cc_aim.php:343) in public_html/cart/includes/functions/general.php on line 33 Any suggestions? I don't know if it makes any difference at all, but you might try: curl_setopt ($ch, CURLOPT_SSLVERSION,3); See http://bluesunh.springnote.com/pages/1231596.xhtml (about half way down the page, look for CURLOPT_SSLVERSION). The only difference I can see is the elimination of one space and the addition of another. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.