| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
#91
|
|||||||
|
|||||||
Re: POODLE vulnerability in SSLv3
My transaction error logs from the last few days.
Online payment processing errors [05-Nov-2014 22:06:02] (shop: 05-Nov-2014 22:06:02) PAYMENTS message: Payment processing failure. Login: stacyscho28 IP: 50.88.207.157 ---- Payment method: Credit Card (AuthorizeNet - AIM) bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) original_bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) responses of https requests = Array ( [31-12-1969 18:00:00 1415246762] => Array ( [0] => 0 [1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number ) ) Request URI: /payment/payment_cc.php Backtrace: /home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261 /home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41 /home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257 [05-Nov-2014 22:09:39] (shop: 05-Nov-2014 22:09:39) PAYMENTS message: Payment processing failure. Login: stacyscho28 IP: 50.88.207.157 ---- Payment method: Credit Card (AuthorizeNet - AIM) bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) original_bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) responses of https requests = Array ( [31-12-1969 18:00:00 1415246979] => Array ( [0] => 0 [1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number ) ) Request URI: /payment/payment_cc.php Backtrace: /home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261 /home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41 /home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257 [05-Nov-2014 22:18:27] (shop: 05-Nov-2014 22:18:27) PAYMENTS message: Payment processing failure. Login: anonymous-3050 IP: 72.188.58.41 ---- Payment method: Credit Card (AuthorizeNet - AIM) bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) original_bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) responses of https requests = Array ( [31-12-1969 18:00:00 1415247507] => Array ( [0] => 0 [1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number ) ) Request URI: /payment/payment_cc.php Backtrace: /home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261 /home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41 /home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257 [06-Nov-2014 08:26:10] (shop: 06-Nov-2014 08:26:10) PAYMENTS message: Payment processing failure. Login: anonymous-3053 IP: 72.188.58.41 ---- Payment method: Credit Card (AuthorizeNet - AIM) bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) original_bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) responses of https requests = Array ( [31-12-1969 18:00:00 1415283970] => Array ( [0] => 0 [1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number ) ) Request URI: /payment/payment_cc.php Backtrace: /home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261 /home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41 /home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257 [06-Nov-2014 11:05:33] (shop: 06-Nov-2014 11:05:33) PAYMENTS message: Payment processing failure. Login: anonymous-3055 IP: 72.188.58.41 ---- Payment method: Credit Card (AuthorizeNet - AIM) bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) original_bill_output = Array ( [cvvmes] => 3 digit(s) / [code] => 2 [billmes] => Error: (Reason Code / Sub ) ) responses of https requests = Array ( [31-12-1969 18:00:00 1415293533] => Array ( [0] => 0 [1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number ) ) Request URI: /payment/payment_cc.php Backtrace: /home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261 /home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41 /home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257 |
|||||||
#92
|
|||||||||
|
|||||||||
Re: POODLE vulnerability in SSLv3
Bob,
Are you sure the patch is up? It looks like it's trying to connect with SSL3 still. Anyone though on your version should be using our DPM module or CIM module to keep Authorize.net (both mods solve the Poodle issue too) The reason being the PCI compliance change from several years ago prohibits you from having your cart send card data, which AIM does. DPM and CIM do not pass the card data through your store. Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#93
|
|||||||
|
|||||||
Re: POODLE vulnerability in SSLv3
Bob,
What OS is running on your server? I think I've narrowed down my issue to a server OS update which updated OpenSSL as well.
__________________
x-cart 4.2.3 & 4.6.0 |
|||||||
#94
|
|||||||
|
|||||||
Re: POODLE vulnerability in SSLv3
My developer said he got a message stating the patch was successful when he installed it last weekend. I am using Hostgator and the OS is Linux CentOS
|
|||||||
#95
|
|||||||
|
|||||||
Re: POODLE vulnerability in SSLv3
Is there a way to view if the patch is installed?
|
|||||||
#96
|
|||||||
|
|||||||
Re: POODLE vulnerability in SSLv3
I fixed my issue...
If we want to use TLS, why is TLS = False being set in this patch?!?!
__________________
x-cart 4.2.3 & 4.6.0 |
|||||||
#97
|
|||||||
|
|||||||
Re: POODLE vulnerability in SSLv3
I noticed Hostgator is running CURL 7.12.1
|
|||||||
#98
|
|||||||
|
|||||||
Re: POODLE vulnerability in SSLv3
Quote:
Check if you have this code Code:
in the include/func/func.https_libcurl.php file. I have prepared a quick patch for you which works with any version of the include/func/func.https_libcurl.php file authorize_disable_ssl3.diff
__________________
Sincerely yours, Ildar Amankulov Head of Maintenance group |
|||||||
#99
|
|||||||||
|
|||||||||
Re: POODLE vulnerability in SSLv3
JFYI, PayPal disables SSLv3 on Dec 3rd 2014.
https://www.paypal-marketing.com/emarketing/partner/na/notice-2014/poodle_email2_online?trid=2000008887758&uid=e33758 d5Lpisho27t X-Payments servers are going to discontinue supporting SSLv3 on Nov 19th 2014.
__________________
Sincerely yours, Alex Mulin VP of Business Development for X-Cart X-Payments product manager |
|||||||||
|
|||
X-Cart forums © 2001-2020
|