X-Cart forums

[ambal]

Seldomseen, please make sure your server cURL supports TLS 1.0/1.1 as well (check with your hosting admin).

[Seldomseen]

Quote:

Originally Posted by ambal

Seldomseen, please make sure your server cURL supports TLS 1.0/1.1 as well (check with your hosting admin).

Yes according to the host - even tested it.

So far here is what I have done:

Prior to X-Pay ssl disable:

1. installed: remove_ssl3-2014-10-30_4.5.5

After failure when it was disabled:

1. Verified with host cURL version. The also installed a perl module they though may have been a dependency.

2. Verified installation of patch per Post #98. I also reviewed the DIFF provided in that post, but the version of cc_authorizenet.php is different than mine.

3. Reviewed modules specified in Post #115 for "use_ssl" string. I think these were a part of the patch, so nothing found.

4. Verified with host that TLS is supported by cURL.

I am not sure what to do at this point.

Thanks for your help.

[Seldomseen]

My issue is now resolved. I somehow missed post #3 and needed to remove:

curl_setopt($ch, CURLOPT_SSLVERSION, 3);

from modules/XPayments_Connector/xpc_func.php.

[ambal]

Quote:

Originally Posted by Seldomseen

My issue is now resolved. I somehow missed post #3 and needed to remove:

curl_setopt($ch, CURLOPT_SSLVERSION, 3);

from modules/XPayments_Connector/xpc_func.php.

Yep, the X-Payments connector patch has been published at the very beginning of this thread that was created as about addressing the POODLE in X-Payments originally but after some time it became "whole X-Cart community the POODLE thread" and you could miss the point that for X-Payments you need to patch X-Payments connector at X-Cart side.

I am happy to know you figured out after all! Have a great Cyber Monday next week!

[simcomedia]

I have this exact issue. But, with a twist. About 6 weeks ago I 'patched' this Xcart with a security patch downloaded from the files area. Therefore the .diff file you've recommended above won't work on our cart since it states 'could not patch' when trying to upload and install it.

No orders can get through right now so we're really searching for a solution here.

I did download the complete Xpayments package your link pointed to on Google Drive. But it's unclear if I should:

1) upload these files and write over the existing, or
2) remove the current Xpayments folder/files and treat this like a new install
3) save all the various settings in Xpayments configuration as a precaution, then upload all the new files to overwrite existing, run the installation program, and somehow it will know it's an 'update' and not a new installation.

Any help would be magnificent. Thank you in advance.

[cflsystems]

You just need to patch the files manually - http://help.x-cart.com/ - search for patching files

[ambal]

> I did download the complete Xpayments package your link pointed to on Google
> Drive. But it's unclear if

Please do not get confused. The package you are referring here is not X-Payments. It is X-Payments connector module for X-Cart 4.x that needs to be installed instead of your current X-Cart 4.x X-Payments connector in X-Cart.

[cherie]

Quote:

Originally Posted by Ksenia

NOT affected: 4.2.1 and earlier ; 4.6.5 (the latest currently) ; all versions of X-Cart 5.x

Applying these patches is a must of you use:
...
*UPS;

Looks like UPS turned off SSLv3 support and it broke fully-patched 4.0.19 and 4.1.12 stores, so a patch is needed for these versions after all.

• 4.1 - Use the 4.2 patches
• 4.0 - Manually patch the similarly named files found in /payment

[cflsystems]

Yes finding the same today.

[totaltec]

Quote:

Originally Posted by cflsystems

Yes finding the same today.

Me too, had several client sited whose UPS shipping went down.