dlcmpls Posted March 16, 2018 Share Posted March 16, 2018 *** Please don't tell me to update osCommerce. The customer won't do that. I understand that updating is best, but it's not an option *** Hi everyone. I'm working on a very, very old customer site. The site stopped communicating with Authorize last week. We are using this module: Authorize.net Consolidated v1.7 by Austin519 Of course that's a very, very old module. When running an order, upon final submission of the order, the only message that gets outputted is: The server cannot connect to Authorize.net. Please check your cURL and server settings. I'm guessing this all due to Authorize implementing TLS 1.2 and disabling earlier versions. Our site was running fine until 3/10/18 I can't find a solution. Can anyone advise? I've included a screenshot of the module configuration. *** Please don't tell me to update osCommerce. The customer won't do that. I understand that updating is best, but it's not an option *** Quote Link to comment Share on other sites More sharing options...
sactobob Posted March 17, 2018 Share Posted March 17, 2018 (edited) Authorize.net disabled tls 1.0/1.1 for us on 3/1. When you say "please don't tell me to upgrade..." that's a tough thing to avoid. Because to get tls 1.2 openssl requirements almost inevitably means upgrades of software that then may require osc updates. . OpenSSL has to be something updated on the server as well, not locally on your website. I've worked with a few customers facing this and have an short-term alternative. Basically I put up a proxy server that instead of pointing your transactions to Authorize.net, point it to the proxy and the proxy funnels all requests (tls 1.2 complaint) between the end-points. I'm sure not PCI complaint, but it works. -Robert Edited March 18, 2018 by burt Remove PM request Quote Link to comment Share on other sites More sharing options...
MrPhil Posted March 18, 2018 Share Posted March 18, 2018 *** Please don't tell me to update osCommerce. The customer won't do that. I understand that updating is best, but it's not an option *** Unfortunately, that's the only real option. I can't understand why store owners refuse to keep their store reasonably updated, so it works with the current PHP, MySQL, and other subsystems. They think they can just coast along with their initial installation, and it will work forever. It won't. If you want to drive your Model T Ford at night on the Interstate, be prepared to be run over a few times by 18-wheelers. It will be very costly and time-consuming to dig through all the code and update everything, as compared to upgrading properly. For a basic store, they simply install and configure the "Edge" version, and migrate their data over. I have some sympathy for those who have invested a great deal of time and/or money into customizing their store, but they simply have to realize that no software lasts forever. The base software needs to be periodically refreshed, and transferring over customizations (whether custom code or add-ons) should be no more than a minor inconvenience if good records have been kept regarding what has been done to the store. Quote Link to comment Share on other sites More sharing options...
dlcmpls Posted March 18, 2018 Author Share Posted March 18, 2018 Thank you Robert and Phil. I fully understand the need to update. But it's not my call. And the client won't do it. Anyone else have suggestions? Quote Link to comment Share on other sites More sharing options...
MrPhil Posted March 18, 2018 Share Posted March 18, 2018 Well, what's the customer expecting can be done? With such an old system, it's likely that something else will break soon, even if you switch payment systems (e.g., to PayPal). If they're not willing to spend the money to get up to current standards, all I can suggest is that you walk away from this job. It's not going to be worth the headaches you'll get trying to bring it up to snuff on a shoestring (which sounds like what the client is trying to do). If you have already sat down with the client and explained that it will likely be cheaper and safer to upgrade than to try to muddle through a patching process, and they still won't, I think it's a lost cause. Just out of curiosity, how old is "very old"? Frankly, anything older than 2.3.4.1 is obsolete (won't even run on current systems), and only "Edge" is up to date in features, including responsive design. Using anything from the 2.2 era (or earlier) should be a capital offense. Quote Link to comment Share on other sites More sharing options...
♥John W Posted March 20, 2018 Share Posted March 20, 2018 Have you checked the site at https://www.ssllabs.com/ssltest/ to see if it supports TLS1.2? It is a server requirement, but if they are running an old version of php, then they may not have support for tls 1.2. If that's not supported then A.net is not going to work. That's probably the problem. It is possible there is a curl option setting it to a lower version of SSL, but I doubt that is what the problem is because it would have been set to something already discontinued like SSL V3. Quote I'm not really a dog. Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.