Jump to content


Hosting Developers Payment Shipping Accounting Templates Marketing Books

Our Partners


Latest News: (loading..)

authorize.net ssl 3.0 upgrade concerns

Started by bmdennst, Feb 17 2009 08:29 PM

  • Please log in to reply
7 replies to this topic

#1   bmdennst

bmdennst
  • Members
  • 4 posts
  • Real Name:Bryan Dennstedt

Posted 17 February 2009 - 08:29 PM

I just receieved this notice from Authorize.net - does anyone know if oscommerce's modules for authorize.net need to be updated or enhanced?



Quote

Dear Authorize.Net Developer:

During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.

Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.

If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.

For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.

If you have any questions, please contact developer@authorize.net.

#2   soundcommerce

soundcommerce
  • Members
  • 5 posts
  • Real Name:Sound Commmerce LLC
  • Gender:Male
  • Location:Kansas City, MO

Posted 18 February 2009 - 11:40 PM

View Postbmdennst, on Feb 17 2009, 04:29 PM, said:

I just receieved this notice from Authorize.net - does anyone know if oscommerce's modules for authorize.net need to be updated or enhanced?

Greetings,

We have plans to publish an open source module that would resolve all SSL 3.0 compatibility issues with the Authorize.Net gateway.
This module will be fully compliant to PCI DSS standards.


RELEASE DATE: 02/20/2009

Best Regards,
Hasan Robinson

Edited by Jan Zonjee, 22 February 2009 - 08:11 PM.

#3   soundcommerce

soundcommerce
  • Members
  • 5 posts
  • Real Name:Sound Commmerce LLC
  • Gender:Male
  • Location:Kansas City, MO

Posted 19 February 2009 - 02:55 AM

Greetings,

The release has been published, you can download the updated module at:

http://addons.oscommerce.com/info/6562

Best Regards,
Hasan Robinson

Edited by Jan Zonjee, 22 February 2009 - 08:11 PM.

#4   jasyn

jasyn
  • Members
  • 282 posts
  • Real Name:Jason
  • Gender:Male

Posted 19 February 2009 - 09:20 PM

so does this work with the Authorize Net AIM module (GPL) contribution? i see the only file that was contributed was the authorizenet_cc_aim.php, but the filename is different from the one provided in the Authorize Net AIM module (GPL) contribution. i'm going to have to switch from paypal to Authorize Net because paypal is hassling me with all the refunds we do (like we have control over that). i need to figure out how this is going to work.

Edited by jasyn, 19 February 2009 - 09:22 PM.

#5   baddog

baddog
  • Members
  • 1,150 posts
  • Real Name:Dave
  • Gender:Male
  • Location:Columbus, Ohio

Posted 19 February 2009 - 09:55 PM

To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):
curl_setopt($curl, CURLOPT_HEADER, 0);

and insert the following as a new line below that:
curl_setopt($ch, CURLOPT_SSLVERSION, 3);

Has anyone looked at authorizenet_aim.php (from Vger's contribution) to see what changes are needed?  The CURL code is:

      $ch = curl_init();
      curl_setopt($ch, CURLOPT_URL,$url);
      curl_setopt($ch, CURLOPT_VERBOSE, 0);
      curl_setopt($ch, CURLOPT_POST, 1);
      curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
      $authorize = curl_exec($ch);
      curl_close ($ch);

#6   baddog

baddog
  • Members
  • 1,150 posts
  • Real Name:Dave
  • Gender:Male
  • Location:Columbus, Ohio

Posted 19 February 2009 - 10:07 PM

View Postbaddog, on Feb 19 2009, 04:55 PM, said:

To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):
curl_setopt($curl, CURLOPT_HEADER, 0);

and insert the following as a new line below that:
curl_setopt($ch, CURLOPT_SSLVERSION, 3);

Has anyone looked at authorizenet_aim.php (from Vger's contribution) to see what changes are needed?  The CURL code is:

      $ch = curl_init();
      curl_setopt($ch, CURLOPT_URL,$url);
      curl_setopt($ch, CURLOPT_VERBOSE, 0);
      curl_setopt($ch, CURLOPT_POST, 1);
      curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
      $authorize = curl_exec($ch);
      curl_close ($ch);
BTW, my Server Info shows:
Registered Stream Socket Transports  tcp,udp,unix,udg,ssl,sslv3,sslv2,tls  

So, I'm going to guess that I'm okay (since sslv3 is listed) and that I don't need to modify authorizenet_aim.php............can anyone who knows more about this than I do (probably most of you) verify that?

#7   mroche

mroche
  • Members
  • 4 posts
  • Real Name:Mike Senn
  • Gender:Male

Posted 04 March 2009 - 01:43 AM

Ok, so I made the small change to the new auth.net ssl3 module. Just to verify:

You need to "Add" this line or "change" the variable in the existing line from "$curl" to "$ch"

To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):
curl_setopt($curl, CURLOPT_HEADER, 0);

and insert the following as a new line below that:
curl_setopt($ch, CURLOPT_SSLVERSION, 3);

----When I change to the line you have above and run a transaction, this is the error I get------------

Warning: curl_setopt(): supplied argument is not a valid cURL handle resource in cart/includes/modules/payment/authorizenet_cc_aim.php on line 343

Warning: Cannot modify header information - headers already sent by (output started at public_html/cart/includes/modules/payment/authorizenet_cc_aim.php:343) in public_html/cart/includes/functions/general.php on line 33


Any suggestions?

#8   baddog

baddog
  • Members
  • 1,150 posts
  • Real Name:Dave
  • Gender:Male
  • Location:Columbus, Ohio

Posted 04 March 2009 - 02:42 AM

View Postmroche, on Mar 3 2009, 08:43 PM, said:

Ok, so I made the small change to the new auth.net ssl3 module. Just to verify:

You need to "Add" this line or "change" the variable in the existing line from "$curl" to "$ch"

To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):
curl_setopt($curl, CURLOPT_HEADER, 0);

and insert the following as a new line below that:
curl_setopt($ch, CURLOPT_SSLVERSION, 3);

----When I change to the line you have above and run a transaction, this is the error I get------------

Warning: curl_setopt(): supplied argument is not a valid cURL handle resource in cart/includes/modules/payment/authorizenet_cc_aim.php on line 343

Warning: Cannot modify header information - headers already sent by (output started at public_html/cart/includes/modules/payment/authorizenet_cc_aim.php:343) in public_html/cart/includes/functions/general.php on line 33


Any suggestions?
I don't know if it makes any difference at all, but you might try:

curl_setopt ($ch, CURLOPT_SSLVERSION,3);

See http://bluesunh.springnote.com/pages/1231596.xhtml (about half way down the page, look for CURLOPT_SSLVERSION).  The only difference I can see is the elimination of one space and the addition of another.
Back to Authorize.net


  1. osCommerce Support Forum
  2. osCommerce Online Merchant v2.x
  3. Add-Ons
  4. Payment Modules
  5. Authorize.net
  6. Privacy Policy
  7. Forum Rules ·