osCommerce

authorize.net ssl 3.0 upgrade concerns


bmdennst

I just received this notice from Authorize.net - does anyone know if osCommerce's modules for Authorize.net need to be updated or enhanced?

Dear Authorize.Net Developer:

 

During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.

 

Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.

 

If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.

 

For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.

 

If you have any questions, please contact [email protected].

Link to comment

Greetings,

 

We have plans to publish an open source module that would resolve all SSL 3.0 compatibility issues with the Authorize.Net gateway.

This module will be fully compliant with PCI DSS standards.

 

 

RELEASE DATE: 02/20/2009

 

Best Regards,

Hasan Robinson

Edited by Jan Zonjee
Link to comment

So does this work with the Authorize Net AIM module (GPL) contribution? I see the only file that was contributed was the authorizenet_cc_aim.php, but the filename is different from the one provided in the Authorize Net AIM module (GPL) contribution. I'm going to have to switch from PayPal to Authorize Net because PayPal is hassling me with all the refunds we do (like we have control over that). I need to figure out how this is going to work.

Edited by jasyn
Link to comment

To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):

curl_setopt($curl, CURLOPT_HEADER, 0);

 

and insert the following as a new line below that:

curl_setopt($ch, CURLOPT_SSLVERSION, 3);

 

Has anyone looked at authorizenet_aim.php (from Vger's contribution) to see what changes are needed? The CURL code is:

 

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$authorize = curl_exec($ch);
curl_close ($ch);

Link to comment

BTW, my Server Info shows:

Registered Stream Socket Transports tcp,udp,unix,udg,ssl,sslv3,sslv2,tls

 

So, I'm going to guess that I'm okay (since sslv3 is listed) and that I don't need to modify authorizenet_aim.php... Can anyone who knows more about this than I do (probably most of you) verify that?

Link to comment

  • 2 weeks later...

Ok, so I made the small change to the new auth.net ssl3 module. Just to verify:

 

You need to "Add" this line or "change" the variable in the existing line from "$curl" to "$ch"

 

To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):

curl_setopt($curl, CURLOPT_HEADER, 0);

 

and insert the following as a new line below that:

curl_setopt($ch, CURLOPT_SSLVERSION, 3);

 

When I change to the line you have above and run a transaction, this is the error I get:

 

Warning: curl_setopt(): supplied argument is not a valid cURL handle resource in cart/includes/modules/payment/authorizenet_cc_aim.php on line 343

 

Warning: Cannot modify header information - headers already sent by (output started at public_html/cart/includes/modules/payment/authorizenet_cc_aim.php:343) in public_html/cart/includes/functions/general.php on line 33

 

 

Any suggestions?

Link to comment

I don't know if it makes any difference at all, but you might try:

 

curl_setopt ($ch, CURLOPT_SSLVERSION,3);

 

See http://bluesunh.springnote.com/pages/1231596.xhtml (about half way down the page, look for CURLOPT_SSLVERSION). The only difference I can see is the elimination of one space and the addition of another.

Link to comment
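
As an added example (not code from the osCommerce module or from any poster in this thread): the "not a valid cURL handle" warning quoted above is about the first argument of curl_setopt(), and the module line quoted in the thread holds its handle in `$curl`, so this sketch sets the protocol option on whichever handle curl_init() returned and requests TLS 1.2 or later, since SSL 3.0 has itself since been deprecated (RFC 7568). The function names, URL and field names are hypothetical; `curl_version()` is used because it reports libcurl's TLS backend, which PHP's stream socket transport list does not describe.

```php
<?php
// Added example; function names, URL and field names are hypothetical.

/** Apply transport settings to the cURL handle the caller passes in. */
function harden_gateway_handle($handle)
{
    // PHP < 8 returns a resource from curl_init(), PHP >= 8 a CurlHandle.
    $isLegacy = is_resource($handle) && get_resource_type($handle) === 'curl';
    if (!$isLegacy && !($handle instanceof CurlHandle)) {
        throw new InvalidArgumentException('not a cURL handle');
    }
    // Request TLS 1.2 or later and keep certificate checks switched on.
    $ok = curl_setopt($handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2)
        && curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, true)
        && curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 2);
    if (!$ok) {
        throw new RuntimeException('could not apply TLS options');
    }
}

/** POST form fields and return the raw response body. */
function gateway_post($url, array $fields)
{
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_HEADER, 0);
    harden_gateway_handle($curl); // same variable curl_init() assigned
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($fields));
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($curl);
    $error = curl_error($curl);
    curl_close($curl);
    if ($response === false) {
        throw new RuntimeException('gateway request failed: ' . $error);
    }
    return $response;
}

// Report the TLS library libcurl was built against; this runs offline.
$info = curl_version();
echo 'libcurl ', $info['version'], ' with ', $info['ssl_version'], PHP_EOL;

// Constructed usage (placeholder endpoint, not a real gateway URL):
// $body = gateway_post('https://gateway.example.invalid/transact', ['amount' => '1.00']);
```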