Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Authorize.net Consolidated v1.7 by Austin519


dlcmpls

Recommended Posts

*** Please don't tell me to update osCommerce.  The customer won't do that.  I understand that updating is best, but it's not an option ***

Hi everyone.

I'm working on a very, very old customer site.

The site stopped communicating with Authorize last week. 

We are using this module:

        Authorize.net Consolidated v1.7 by Austin519

Of course that's a very, very old module.

When running an order, upon final submission of the order, the only message that gets outputted is:

The server cannot connect to Authorize.net. Please check your cURL and server settings.

I'm guessing this all due to Authorize implementing TLS 1.2 and disabling earlier versions.

Our site was running fine until 3/10/18

I can't find a solution.

Can anyone advise?

I've included a screenshot of the module configuration.

*** Please don't tell me to update osCommerce.  The customer won't do that.  I understand that updating is best, but it's not an option ***

 

authorize.JPG

Link to comment
Share on other sites

Authorize.net disabled tls 1.0/1.1 for us on 3/1. When you say "please don't tell me to upgrade..." that's a tough thing to avoid. Because to get tls 1.2 openssl requirements almost inevitably means upgrades of software that then may require osc updates. . OpenSSL has to be something updated on the server as well, not locally on your website. I've worked with a few customers facing this and have an short-term alternative. Basically I put up a proxy server that instead of pointing your transactions to Authorize.net, point it to the proxy and the proxy funnels all requests (tls 1.2 complaint) between the end-points. I'm sure not PCI complaint, but it works. 

-Robert

Edited by burt
Remove PM request
Link to comment
Share on other sites

*** Please don't tell me to update osCommerce.  The customer won't do that.  I understand that updating is best, but it's not an option ***

Unfortunately, that's the only real option. I can't understand why store owners refuse to keep their store reasonably updated, so it works with the current PHP, MySQL, and other subsystems. They think they can just coast along with their initial installation, and it will work forever. It won't. If you want to drive your Model T Ford at night on the Interstate, be prepared to be run over a few times by 18-wheelers. It will be very costly and time-consuming to dig through all the code and update everything, as compared to upgrading properly.

For a basic store, they simply install and configure the "Edge" version, and migrate their data over. I have some sympathy for those who have invested a great deal of time and/or money into customizing their store, but they simply have to realize that no software lasts forever. The base software needs to be periodically refreshed, and transferring over customizations (whether custom code or add-ons) should be no more than a minor inconvenience if good records have been kept regarding what has been done to the store.

Link to comment
Share on other sites

Well, what's the customer expecting can be done? With such an old system, it's likely that something else will break soon, even if you switch payment systems (e.g., to PayPal). If they're not willing to spend the money to get up to current standards, all I can suggest is that you walk away from this job. It's not going to be worth the headaches you'll get trying to bring it up to snuff on a shoestring (which sounds like what the client is trying to do). If you have already sat down with the client and explained that it will likely be cheaper and safer to upgrade than to try to muddle through a patching process, and they still won't, I think it's a lost cause.

Just out of curiosity, how old is "very old"? Frankly, anything older than 2.3.4.1 is obsolete (won't even run on current systems), and only "Edge" is up to date in features, including responsive design. Using anything from the 2.2 era (or earlier) should be a capital offense.

Link to comment
Share on other sites

Have you checked the site at https://www.ssllabs.com/ssltest/  to see if it supports TLS1.2?  It is a server requirement, but if they are running an old version of php, then they may not have support for tls 1.2.  If that's not supported then A.net is not going to work.  That's probably the problem.

It is possible there is a curl option setting it to a lower version of SSL, but I doubt that is what the problem is because it would have been set to something already discontinued like SSL V3.

 

I'm not really a dog.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...