Re: POODLE vulnerability in SSLv3
Obviously, after turning off SSL3 on the server we no longer had the ability to enter credit card information within the checkout process.
We then patched our x-cart Version 4.5.5 using X-PAYMENTS v.1.0.2 manually by:
1.) removing the line of code
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
from
modules/XPayments_Connector/xpc_func.php
We did not see the following line within our version of x-cart:
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'DEFAULT');
So this step was bypassed.
2.) We then Removed
if ($use_ssl3)
curl_setopt ($ch, CURLOPT_SSLVERSION, 3);
from
func.https_X.php file
3.) As per x-cart tech support, we then made sure our servers were running cURL v 7.18.1 or newer.
That was all we did and everything is working fine once again.
I hope this helps someone else.
__________________
4.0x - 4.5x
|