Jump to content
dlcmpls

Authorize.net Consolidated v1.7 by Austin519

Recommended Posts

*** Please don't tell me to update osCommerce.  The customer won't do that.  I understand that updating is best, but it's not an option ***

Hi everyone.

I'm working on a very, very old customer site.

The site stopped communicating with Authorize last week. 

We are using this module:

        Authorize.net Consolidated v1.7 by Austin519

Of course that's a very, very old module.

When running an order, upon final submission of the order, the only message that gets outputted is:

The server cannot connect to Authorize.net. Please check your cURL and server settings.

I'm guessing this all due to Authorize implementing TLS 1.2 and disabling earlier versions.

Our site was running fine until 3/10/18

I can't find a solution.

Can anyone advise?

I've included a screenshot of the module configuration.

*** Please don't tell me to update osCommerce.  The customer won't do that.  I understand that updating is best, but it's not an option ***

 

authorize.JPG

Share this post


Link to post
Share on other sites

Authorize.net disabled tls 1.0/1.1 for us on 3/1. When you say "please don't tell me to upgrade..." that's a tough thing to avoid. Because to get tls 1.2 openssl requirements almost inevitably means upgrades of software that then may require osc updates. . OpenSSL has to be something updated on the server as well, not locally on your website. I've worked with a few customers facing this and have an short-term alternative. Basically I put up a proxy server that instead of pointing your transactions to Authorize.net, point it to the proxy and the proxy funnels all requests (tls 1.2 complaint) between the end-points. I'm sure not PCI complaint, but it works. 

-Robert

Edited by burt
Remove PM request

Share this post


Link to post
Share on other sites

*** Please don't tell me to update osCommerce.  The customer won't do that.  I understand that updating is best, but it's not an option ***

Unfortunately, that's the only real option. I can't understand why store owners refuse to keep their store reasonably updated, so it works with the current PHP, MySQL, and other subsystems. They think they can just coast along with their initial installation, and it will work forever. It won't. If you want to drive your Model T Ford at night on the Interstate, be prepared to be run over a few times by 18-wheelers. It will be very costly and time-consuming to dig through all the code and update everything, as compared to upgrading properly.

For a basic store, they simply install and configure the "Edge" version, and migrate their data over. I have some sympathy for those who have invested a great deal of time and/or money into customizing their store, but they simply have to realize that no software lasts forever. The base software needs to be periodically refreshed, and transferring over customizations (whether custom code or add-ons) should be no more than a minor inconvenience if good records have been kept regarding what has been done to the store.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

Thank you Robert and Phil.

I fully understand the need to update.

But it's not my call.  And the client won't do it.

Anyone else have suggestions?

Share this post


Link to post
Share on other sites

Well, what's the customer expecting can be done? With such an old system, it's likely that something else will break soon, even if you switch payment systems (e.g., to PayPal). If they're not willing to spend the money to get up to current standards, all I can suggest is that you walk away from this job. It's not going to be worth the headaches you'll get trying to bring it up to snuff on a shoestring (which sounds like what the client is trying to do). If you have already sat down with the client and explained that it will likely be cheaper and safer to upgrade than to try to muddle through a patching process, and they still won't, I think it's a lost cause.

Just out of curiosity, how old is "very old"? Frankly, anything older than 2.3.4.1 is obsolete (won't even run on current systems), and only "Edge" is up to date in features, including responsive design. Using anything from the 2.2 era (or earlier) should be a capital offense.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

Have you checked the site at https://www.ssllabs.com/ssltest/  to see if it supports TLS1.2?  It is a server requirement, but if they are running an old version of php, then they may not have support for tls 1.2.  If that's not supported then A.net is not going to work.  That's probably the problem.

It is possible there is a curl option setting it to a lower version of SSL, but I doubt that is what the problem is because it would have been set to something already discontinued like SSL V3.

 


I'm not really a dog.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×