Re: POODLE vulnerability in SSLv3
We are having trouble with an x-cart installation using Version 4.5.5 with X-PAYMENTS v.1.0.2.
After turning off SSL3 on the server we no longer had the ability to enter credit card information within the checkout process.
We therefore patched our x-cart installation manually by:
1.) removing the line of code
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
from
modules/XPayments_Connector/xpc_func.php
We did not see the following line within our version of x-cart:
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'DEFAULT');
So this step was bypassed.
2.) We then tested with no luck.
3.) We then Removed
if ($use_ssl3)
curl_setopt ($ch, CURLOPT_SSLVERSION, 3);
from the func.https_X.php file and tested again. Still no luck
4.) We then installed the newest X-Payments Connector, and white screened the entire cart.
Any suggestions?
__________________
4.0x - 4.5x
|