Does Authorize.net's recent announcement affect OpenCart transactions? I have one project on 1.5.1.3 using Authorize.Net (AIM) payment gateway.
Authorize.net POODLE FAQ
A quick fix (rather than disabling SSLv3 on your server) is to force curl to use TLS instead.
In theory you can just pop this line in under the rest of the curl options (around line 104) in /catalog/controller/payment/authorize_aim.php
I've not tested this in Authorize.net's sandbox yet, just waiting until later when the site goes quieter.
In theory you can just pop this line in under the rest of the curl options (around line 104) in /catalog/controller/payment/authorize_aim.php
Code: Select all
curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
I was curious about this fix as well but i don't think it is working, unless i placed this line incorrectly... Here is what i did
I tried to place an order and it failed and then i removed the added line and it went through.
Code: Select all
curl_setopt($curl, CURLOPT_PORT, 443);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FORBID_REUSE, 1);
curl_setopt($curl, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($data, '', '&'));
curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
The change suggested here, and which you made, is what authorize.net recommends:
http://community.developer.authorize.ne ... ba-p/48163
I haven't tested this myself, but I'll give it a whirl myself to see what happens and report back
http://community.developer.authorize.ne ... ba-p/48163
I haven't tested this myself, but I'll give it a whirl myself to see what happens and report back
I haven't had the chance to test yet, but the code I posted is for a server where the version of curl is <v7.34.0
If your hosting uses v7.34.0 or later then this may work instead
You can check the version of curl using the phpinfo() function.
If your hosting uses v7.34.0 or later then this may work instead
Code: Select all
curl_setopt($curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
I am not sure why it isnt working for me here but when i try the code for below 7.34.0 it doesnt work for me at all. I am using OpenCart Version 1.5.4
Do i need to remove anything from around 104 to make it work?
Thanks,
T
Do i need to remove anything from around 104 to make it work?
Thanks,
T
Hey guys,
I couldnt test this yet since all our client sites are live sites. We have dedicated server with all shopping carts installed with SSL certificate. Some shopping carts we installed and live are bit older authorize.net versions. I could not understand the insights of this issue.
In which situations authorize.net AIM modules will initiate the connection with authize.net api using sslv3. Say we disable poodle attack on server wide. Still this issue can happen and should we add a code in authorize.net module.
I think guys who have detailed knowledge on how authorize.net module initiates the connection api will answer the question in which situations we have to add a fix to inbuild module.
Thank you.
I couldnt test this yet since all our client sites are live sites. We have dedicated server with all shopping carts installed with SSL certificate. Some shopping carts we installed and live are bit older authorize.net versions. I could not understand the insights of this issue.
In which situations authorize.net AIM modules will initiate the connection with authize.net api using sslv3. Say we disable poodle attack on server wide. Still this issue can happen and should we add a code in authorize.net module.
I think guys who have detailed knowledge on how authorize.net module initiates the connection api will answer the question in which situations we have to add a fix to inbuild module.
Thank you.
Added the
to the authorize_aim.php.
Transaction still works. Need to wait for 11/5 to see if this is actually working.
Did disable SSLv3 on the hosting server. Only time will tell.
Code: Select all
curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
Transaction still works. Need to wait for 11/5 to see if this is actually working.
Did disable SSLv3 on the hosting server. Only time will tell.
You can check how your SSL certificate is signed here as well. I know the domain is odd but it's legit.
https://shaaaaaaaaaaaaa.com/
https://shaaaaaaaaaaaaa.com/
Who is online
Users browsing this forum: No registered users and 18 guests