View Single Post
  #9  
Old 10-17-2014, 07:06 AM
  ambal's Avatar 
ambal ambal is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,119
 

Default Re: POODLE vulnerability in SSLv3

Mark,

Quote:
Originally Posted by Mark N
Can't seem to get this patch to apply - looks like the xpc_func.php I have is different - I haven't applied any customizations to this file but it doesn't appear to match what is in the diff - here is my version info of the file (running XC 4.6.3):

* @version 58ab7bdc89b3d4cd894ef7d853bcc6f0c4dcca6b, v101 (xcart_4_6_2), 2014-02-03 17:25:33, xpc_func.php, aim


In order to make the change manually in file
modules/XPayments_Connector/xpc_func.php

find a line of code
curl_setopt($ch, CURLOPT_SSLVERSION, 3);

and remove it.

If you see near the above line of code this:
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'DEFAULT');
remove this, too.

Quote:
Originally Posted by Mark N
I'm nervous about putting a new connector in place, have seen conflicting information about whether or not it supports X-Payments 1.0.6. Can you clarify Alex?

It does support v1.0.6 but only for credit card processing. Anyways, we always recommend to test new modules before letting them go live. E.g. on a test server.
__________________
Sincerely yours,
Alex Mulin
VP of Business Development for X-Cart
X-Payments product manager
Reply With Quote