bmdennst

authorize.net ssl 3.0 upgrade concerns


I just received this notice from Authorize.net - does anyone know if oscommerce's modules for authorize.net need to be updated or enhanced?

 

 

 

Dear Authorize.Net Developer:

 

During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.

 

Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.

 

If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.

 

For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.

 

If you have any questions, please contact developer@authorize.net.

Greetings,

 

We have plans to publish an open source module that would resolve all SSL 3.0 compatibility issues with the Authorize.Net gateway.

This module will be fully compliant with PCI DSS standards.

 

 

RELEASE DATE: 02/20/2009

 

Best Regards,

Hasan Robinson

Edited by Jan Zonjee

So does this work with the Authorize Net AIM module (GPL) contribution? I see the only file that was contributed was the authorizenet_cc_aim.php, but the filename is different from the one provided in the Authorize Net AIM module (GPL) contribution. I'm going to have to switch from PayPal to Authorize Net because PayPal is hassling me with all the refunds we do (like we have control over that). I need to figure out how this is going to work.

Edited by jasyn

To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):

curl_setopt($curl, CURLOPT_HEADER, 0);

 

and insert the following as a new line below that:

curl_setopt($ch, CURLOPT_SSLVERSION, 3);

 

Has anyone looked at authorizenet_aim.php (from Vger's contribution) to see what changes are needed? The CURL code is:

 

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$authorize = curl_exec($ch);
curl_close($ch);

BTW, my Server Info shows:

Registered Stream Socket Transports tcp,udp,unix,udg,ssl,sslv3,sslv2,tls

 

So, I'm going to guess that I'm okay (since sslv3 is listed) and that I don't need to modify authorizenet_aim.php... Can anyone who knows more about this than I do (probably most of you) verify that?

Ok, so I made the small change to the new auth.net ssl3 module. Just to verify:

 

You need to "Add" this line or "change" the variable in the existing line from "$curl" to "$ch"

 

To fix authorizenet_cc_aim.php, it looks like all you have to do is find this (around line 342):

curl_setopt($curl, CURLOPT_HEADER, 0);

 

and insert the following as a new line below that:

curl_setopt($ch, CURLOPT_SSLVERSION, 3);

 

When I change to the line you have above and run a transaction, this is the error I get:

 

Warning: curl_setopt(): supplied argument is not a valid cURL handle resource in cart/includes/modules/payment/authorizenet_cc_aim.php on line 343

 

Warning: Cannot modify header information - headers already sent by (output started at public_html/cart/includes/modules/payment/authorizenet_cc_aim.php:343) in public_html/cart/includes/functions/general.php on line 33

 

 

Any suggestions?

I don't know if it makes any difference at all, but you might try:

 

curl_setopt ($ch, CURLOPT_SSLVERSION,3);

 

See http://bluesunh.springnote.com/pages/1231596.xhtml (about half way down the page, look for CURLOPT_SSLVERSION). The only difference I can see is the elimination of one space and the addition of another.

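An added example, not from the thread or from either osCommerce module, of setting the protocol option on the same handle that curl_init() returned, which is what the "not a valid cURL handle resource" warning above is about. The function names are hypothetical, and it requests TLS 1.x by default rather than the thread's value 3, since the notice accepts SSL 3.0/TLS 1.0 and SSL 3.0 has since been deprecated (RFC 7568).

```php
<?php
// Added example: not code from either osCommerce module in this thread.
// gateway_post() and curl_tls_backend() are hypothetical names; $url and
// $data follow the authorizenet_aim.php snippet quoted above.

// cURL's SSL/TLS support comes from the library it was built against, so
// check curl_version() rather than PHP's stream transports list.
function curl_tls_backend()
{
    $info = curl_version();
    return ($info['features'] & CURL_VERSION_SSL) ? $info['ssl_version'] : null;
}

function gateway_post($url, $data, $sslVersion = CURL_SSLVERSION_TLSv1)
{
    // One handle variable for the whole request. Passing $ch to
    // curl_setopt() in a file whose handle is $curl produces the
    // "not a valid cURL handle resource" warning shown above.
    $curl = curl_init($url);
    if ($curl === false) {
        throw new RuntimeException('curl_init() failed');
    }
    $ok = curl_setopt_array($curl, array(
        CURLOPT_HEADER         => 0,
        CURLOPT_POST           => 1,
        CURLOPT_POSTFIELDS     => $data,
        CURLOPT_RETURNTRANSFER => 1,
        // 3 (CURL_SSLVERSION_SSLv3) pins the handshake to SSL 3.0 only.
        // CURL_SSLVERSION_TLSv1 (numeric 1) asks for TLS 1.x instead.
        CURLOPT_SSLVERSION     => $sslVersion,
        CURLOPT_SSL_VERIFYPEER => true,  // verify the gateway certificate
        CURLOPT_SSL_VERIFYHOST => 2,     // and that it matches the host name
    ));
    if (!$ok) {
        curl_close($curl);
        throw new RuntimeException('a cURL option was rejected');
    }
    $response = curl_exec($curl);
    $error = ($response === false) ? curl_error($curl) : null;
    curl_close($curl);
    if ($error !== null) {
        throw new RuntimeException('gateway request failed: ' . $error);
    }
    return $response;
}
```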
