 

POODLE vulnerability in SSLv3

 
  #91  
Old 11-06-2014, 03:23 PM
 
TheSarcasmShop TheSarcasmShop is offline
 

Member
  
Join Date: Nov 2010
Posts: 24
 

Default Re: POODLE vulnerability in SSLv3

My transaction error logs from the last few days.

Online payment processing errors

[05-Nov-2014 22:06:02] (shop: 05-Nov-2014 22:06:02) PAYMENTS message:
Payment processing failure.
Login: stacyscho28
IP: 50.88.207.157
----
Payment method: Credit Card (AuthorizeNet - AIM)
bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
original_bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
responses of https requests = Array
(
[31-12-1969 18:00:00 1415246762] => Array
(
[0] => 0
[1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
)

)
Request URI: /payment/payment_cc.php
Backtrace:
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41
/home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257
[05-Nov-2014 22:09:39] (shop: 05-Nov-2014 22:09:39) PAYMENTS message:
Payment processing failure.
Login: stacyscho28
IP: 50.88.207.157
----
Payment method: Credit Card (AuthorizeNet - AIM)
bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
original_bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
responses of https requests = Array
(
[31-12-1969 18:00:00 1415246979] => Array
(
[0] => 0
[1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
)

)
Request URI: /payment/payment_cc.php
Backtrace:
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41
/home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257
[05-Nov-2014 22:18:27] (shop: 05-Nov-2014 22:18:27) PAYMENTS message:
Payment processing failure.
Login: anonymous-3050
IP: 72.188.58.41
----
Payment method: Credit Card (AuthorizeNet - AIM)
bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
original_bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
responses of https requests = Array
(
[31-12-1969 18:00:00 1415247507] => Array
(
[0] => 0
[1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
)

)
Request URI: /payment/payment_cc.php
Backtrace:
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41
/home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257
[06-Nov-2014 08:26:10] (shop: 06-Nov-2014 08:26:10) PAYMENTS message:
Payment processing failure.
Login: anonymous-3053
IP: 72.188.58.41
----
Payment method: Credit Card (AuthorizeNet - AIM)
bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
original_bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
responses of https requests = Array
(
[31-12-1969 18:00:00 1415283970] => Array
(
[0] => 0
[1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
)

)
Request URI: /payment/payment_cc.php
Backtrace:
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41
/home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257
[06-Nov-2014 11:05:33] (shop: 06-Nov-2014 11:05:33) PAYMENTS message:
Payment processing failure.
Login: anonymous-3055
IP: 72.188.58.41
----
Payment method: Credit Card (AuthorizeNet - AIM)
bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
original_bill_output = Array
(
[cvvmes] => 3 digit(s) /
[code] => 2
[billmes] => Error: (Reason Code / Sub )
)
responses of https requests = Array
(
[31-12-1969 18:00:00 1415293533] => Array
(
[0] => 0
[1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
)

)
Request URI: /payment/payment_cc.php
Backtrace:
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccmid.php:261
/home4/thesarca/public_html/sarcasmshop/payment/payment_ccend.php:41
/home4/thesarca/public_html/sarcasmshop/payment/payment_cc.php:257
__________________
Bob

http://www.sarcasmshop.com
5.1.10
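A way to count how many payments in a log like the one above failed at the TLS handshake rather than at the gateway, as an added example that is not part of the original post or of X-Cart. The sample entries are constructed in the posted log format, with placeholder logins and IPs; the summary deliberately leaves customer logins and IPs out.

```shell
#!/bin/sh
# Added example, not X-Cart code. Sample entries are constructed in the log
# format shown in the post; logins and IPs are placeholders.
sample_log() {
cat <<'EOF'
[05-Nov-2014 22:06:02] (shop: 05-Nov-2014 22:06:02) PAYMENTS message:
Payment processing failure.
Login: customer-a
IP: 192.0.2.10
Payment method: Credit Card (AuthorizeNet - AIM)
[1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[05-Nov-2014 22:09:39] (shop: 05-Nov-2014 22:09:39) PAYMENTS message:
Payment processing failure.
Payment method: Credit Card (AuthorizeNet - AIM)
[1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[05-Nov-2014 23:00:00] (shop: 05-Nov-2014 23:00:00) PAYMENTS message:
Payment processing failure.
Payment method: Credit Card (AuthorizeNet - AIM)
[billmes] => Error: card declined
[06-Nov-2014 08:26:10] (shop: 06-Nov-2014 08:26:10) PAYMENTS message:
Payment processing failure.
Payment method: Credit Card (AuthorizeNet - AIM)
[1] => X-Cart HTTPS: libcurl error(35): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
EOF
}

# Prints "date|payment method|OpenSSL reason|count" for entries that hit
# libcurl error 35 (CURLE_SSL_CONNECT_ERROR). Reads files given as arguments, or stdin.
summarize_handshake_failures() {
    awk '
    # A new entry starts with "[dd-Mon-yyyy hh:mm:ss] (shop: ...) PAYMENTS message:"
    /^\[[0-9][0-9]-[A-Za-z]+-[0-9]+ [0-9:]+\] .*PAYMENTS message:/ {
        day = substr($1, 2); method = "unknown"; next
    }
    /^Payment method: / { method = substr($0, 17); next }
    /libcurl error\(35\)/ {
        n = split($0, part, ":")          # last field is the OpenSSL reason text
        key = day "|" method "|" part[n]
        if (!(key in count)) order[++seen] = key
        count[key]++
    }
    END { for (i = 1; i <= seen; i++) print order[i] "|" count[order[i]] }
    ' "$@"
}

sample_log | summarize_handshake_failures
```
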
  #92  
Old 11-06-2014, 03:31 PM
  BCSE's Avatar 
BCSE BCSE is online now
 

X-Guru
  
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 3,063
 

Default Re: POODLE vulnerability in SSLv3

Bob,

Are you sure the patch is up? It looks like it's trying to connect with SSL3 still.

Anyone on your version, though, should be using our DPM module or CIM module to keep Authorize.net (both mods solve the POODLE issue too). The reason is that the PCI compliance change from several years ago prohibits you from having your cart send card data, which AIM does. DPM and CIM do not pass the card data through your store.

Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
  #93  
Old 11-06-2014, 03:36 PM
 
Regs Regs is offline
 

Senior Member
  
Join Date: Apr 2003
Location: Vancouver BC
Posts: 134
 

Default Re: POODLE vulnerability in SSLv3

Bob,

What OS is running on your server?

I think I've narrowed down my issue to a server OS update which updated OpenSSL as well.
__________________
x-cart 4.2.3 & 4.6.0
  #94  
Old 11-06-2014, 04:04 PM
 
TheSarcasmShop TheSarcasmShop is offline
 

Member
  
Join Date: Nov 2010
Posts: 24
 

Default Re: POODLE vulnerability in SSLv3

My developer said he got a message stating the patch was successful when he installed it last weekend. I am using Hostgator and the OS is Linux CentOS.
__________________
Bob

http://www.sarcasmshop.com
5.1.10
  #95  
Old 11-06-2014, 04:04 PM
 
TheSarcasmShop TheSarcasmShop is offline
 

Member
  
Join Date: Nov 2010
Posts: 24
 

Default Re: POODLE vulnerability in SSLv3

Is there a way to view if the patch is installed?
__________________
Bob

http://www.sarcasmshop.com
5.1.10
  #96  
Old 11-06-2014, 04:46 PM
 
Regs Regs is offline
 

Senior Member
  
Join Date: Apr 2003
Location: Vancouver BC
Posts: 134
 

Default Re: POODLE vulnerability in SSLv3

I fixed my issue...

If we want to use TLS, why is TLS = False being set in this patch?!?!
__________________
x-cart 4.2.3 & 4.6.0
  #97  
Old 11-06-2014, 05:07 PM
 
TheSarcasmShop TheSarcasmShop is offline
 

Member
  
Join Date: Nov 2010
Posts: 24
 

Default Re: POODLE vulnerability in SSLv3

I noticed Hostgator is running CURL 7.12.1
__________________
Bob

http://www.sarcasmshop.com
5.1.10
  #98  
Old 11-06-2014, 07:47 PM
 
aim aim is offline
Advanced Staff Users
 

X-Cart team
  
Join Date: Dec 2008
Posts: 928
 

Default Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by TheSarcasmShop
Is there a way to view if the patch is installed?

Check if you have this code

Code:
if ($use_tls) {
    // http://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html CURL_SSLVERSION_TLSv1
    curl_setopt ($ch, CURLOPT_SSLVERSION, 1);
}

in the include/func/func.https_libcurl.php file.

I have prepared a quick patch for you which works with any version of the include/func/func.https_libcurl.php file.

authorize_disable_ssl3.diff
Attached Files
File Type: diff authorize_disable_ssl3.diff (551 Bytes, 29 views)
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group
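The check described in the post above, as an added shell example that is not part of the original post or of X-Cart: it reports how a PHP file pins `CURLOPT_SSLVERSION`, ignoring commented-out calls. The function name, the result labels and the sample files are assumptions made for this example; the value 1 for `CURL_SSLVERSION_TLSv1` is the one quoted in the post.

```shell
#!/bin/sh
# Added example, not X-Cart code: classify the CURLOPT_SSLVERSION setting in a
# PHP file. Prints one of: tls | legacy-ssl | unpinned | missing
check_sslversion_pin() {
    file=$1
    [ -r "$file" ] || { echo missing; return 0; }
    # Blank out whole-line // and # comments so a commented-out call is not
    # counted, then extract the third argument of each
    # curl_setopt(..., CURLOPT_SSLVERSION, X) call.
    values=$(sed -e 's|^[[:space:]]*//.*$||' -e 's|^[[:space:]]*#.*$||' "$file" |
        sed -n 's/.*curl_setopt[[:space:]]*([^,]*,[[:space:]]*CURLOPT_SSLVERSION[[:space:]]*,[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p')
    [ -n "$values" ] || { echo unpinned; return 0; }
    result=tls
    for v in $values; do
        case $v in
            # 2 and 3 are libcurl's SSLv2 / SSLv3 constants
            2|3|CURL_SSLVERSION_SSLv2|CURL_SSLVERSION_SSLv3) result=legacy-ssl ;;
            # 0 leaves the protocol choice to the library default
            0|CURL_SSLVERSION_DEFAULT) [ "$result" = tls ] && result=unpinned ;;
        esac
    done
    echo "$result"
}

# Constructed sample files, written to a temporary directory for the demo.
demo_dir=$(mktemp -d)
printf '%s\n' 'if ($use_tls) {' '    curl_setopt ($ch, CURLOPT_SSLVERSION, 1);' '}' > "$demo_dir/patched.php"
printf '%s\n' 'curl_setopt($ch, CURLOPT_SSLVERSION, 3);' > "$demo_dir/sslv3.php"
printf '%s\n' '// curl_setopt($ch, CURLOPT_SSLVERSION, 1);' > "$demo_dir/commented.php"
for f in patched sslv3 commented absent; do
    printf '%s: %s\n' "$f" "$(check_sslversion_pin "$demo_dir/$f.php")"
done
rm -rf "$demo_dir"
```

A `tls` result only shows that the patch text is present in the file; whether the handshake succeeds still depends on the libcurl and OpenSSL builds installed on the host, which other posts in this thread point to.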
  #99  
Old 11-06-2014, 11:13 PM
  ambal's Avatar 
ambal ambal is online now
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,121
 

Default Re: POODLE vulnerability in SSLv3

JFYI, PayPal disables SSLv3 on Dec 3rd 2014.

https://www.paypal-marketing.com/emarketing/partner/na/notice-2014/poodle_email2_online?trid=2000008887758&uid=e33758 d5Lpisho27t

X-Payments servers are going to discontinue supporting SSLv3 on Nov 19th 2014.
__________________
Sincerely yours,
Alex Mulin
VP of Business Development for X-Cart
X-Payments product manager
  #100  
Old 11-07-2014, 05:42 AM
 
TheSarcasmShop TheSarcasmShop is offline
 

Member
  
Join Date: Nov 2010
Posts: 24
 

Default Re: POODLE vulnerability in SSLv3

I had the quickpatch installed and my site is now working. Thanks to everyone for their input.
__________________
Bob

http://www.sarcasmshop.com
5.1.10

The following user thanks TheSarcasmShop for this useful post:
aim (11-07-2014)