POODLE vulnerability in SSLv3

 
#61
10-30-2014, 05:39 AM
Ksenia
X-Cart team
Join Date: Apr 2013
Posts: 735

Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by drudden
I do not have the patch files listed in my file area for 4.3.1. When will they become available?

The list of patches available:

remove_ssl3-2014-10-30_4.2.3.tgz
remove_ssl3-2014-10-30_4.3.2.tgz
remove_ssl3-2014-10-30_4.4.5.tgz
remove_ssl3-2014-10-30_4.5.0.tgz
remove_ssl3-2014-10-30_4.5.1.tgz
remove_ssl3-2014-10-30_4.5.2.tgz
remove_ssl3-2014-10-30_4.5.3.tgz
remove_ssl3-2014-10-30_4.5.4.tgz
remove_ssl3-2014-10-30_4.5.5.tgz
remove_ssl3-2014-10-30_4.6.0.tgz
remove_ssl3-2014-10-30_4.6.1.tgz
remove_ssl3-2014-10-30_4.6.2.tgz
remove_ssl3-2014-10-30_4.6.3.tgz
remove_ssl3-2014-10-30_4.6.4.tgz


The users of X-Cart 4.3.0 and 4.3.1 should use the patch for v.4.3.2.
The users of X-Cart 4.4.0 - 4.4.4 should use the patch for v.4.4.5 (it won't apply automatically, so you have to do it manually).

Most probably you will be able to apply the patch as is, but a little patch adaptation for this version may be required.
__________________
X-Cart team

Last edited by xplorer : 12-02-2014 at 04:25 AM.

The following 4 users thank Ksenia for this useful post:
aim (10-30-2014), Ana (11-05-2014), drudden (10-30-2014), peakay (11-17-2014)
#62
10-30-2014, 12:07 PM
donmck
Senior Member
Join Date: Dec 2005
Location: Australia
Posts: 137

Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by Ksenia
It's good your host switched to TLS, snip---
PayPal Advanced and Authorize.Net CIM are in the confirmed list, even more companies are about to switch, too.

Hi Ksenia, Vladimir, and others,

To make 100% sure I am not misinterpreting the information provided, if I have an XCart Version 4.0.17, which is earlier than Version 4.2.2 you quoted, then I do not need to do anything to my XCart, correct?

I see another member in this thread is on V4.1.9 and asking the same questions, and I'm sure there are others either reading this thread, or about to when their cart payments stop working.

If this is the case, then I get my host provider to disable the SSLv3 protocol on my server, correct?

Thanks in advance,
Cheers Don...
__________________
Don McKenzie

http://www.dontronics-shop.com/
X-Cart 4.0.17 [Unix]

█ Hosting by www.totalserversolutions.com The very best home for your X-Cart. (was ewdhosting.com)

#63
10-30-2014, 01:59 PM
moonslice
Senior Member
Join Date: May 2004
Posts: 128

Re: POODLE vulnerability in SSLv3

1) I also have many LiteCommerce ASPE 2.1 shopcarts. Will LiteCommerce carts still work if the server no longer allows sslv3?
(None of the LC carts use payment gateways)

2) Are there patches for the LiteCommerce ASPE 2.1 files?
__________________
Jim - X-cart Gold 4.4.5

#64
10-30-2014, 09:22 PM
karinel
Advanced Member
Join Date: Jul 2010
Posts: 32

Re: POODLE vulnerability in SSLv3

I'm using 4.3.2.
My hosting company has taken care of SSLv3.

I've downloaded the 4.3.2 patch.
Am stuck on Step 4.

I cannot find any file dirs called /include/func or /payment.

I have a /includes/functions/ but the files to replace are not in these dirs.

What is the path to /include/func if it is not at the xcart's root level?
__________________
Xcart Gold 4.3.2

#65
10-30-2014, 09:42 PM
aim
Advanced Staff Users
X-Cart team
Join Date: Dec 2008
Posts: 928

Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by karinel
I'm using 4.3.2.
My hosting company has taken care of SSLv3.

I've downloaded the 4.3.2 patch.
Am stuck on Step 4.

I cannot find any file dirs called /include/func or /payment.

I have a /includes/functions/ but the files to replace are not in these dirs.

What is the path to /include/func if it is not at the xcart's root level?


aim-server[~/tmp]$ wget http://www.gl.....a.com/xcart/includes/functions
--2014-10-31 09:38:07-- http://www.gl.....a.com/xcart/includes/functions
Resolving www.gl.....a.com (www.gl.....a.com)... 66.230.196.148
Connecting to www.gl.....a.com (www.gl.....a.com)|66.230.196.148|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2014-10-31 09:38:08 ERROR 404: Not Found.

aim-server[~/tmp]$ wget http://www.gl.....a.com/xcart/includes/
--2014-10-31 09:38:17-- http://www.gl.....a.com/xcart/includes/
Resolving www.gl.....a.com (www.gl.....a.com)... 66.230.196.148
Connecting to www.gl.....a.com (www.gl.....a.com)|66.230.196.148|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2014-10-31 09:38:18 ERROR 404: Not Found.

aim-server[~/tmp]$ wget http://www.gl.....a.com/xcart/include/func
--2014-10-31 09:38:23-- http://www.gl.....a.com/xcart/include/func
Resolving www.gl.....a.com (www.gl.....a.com)... 66.230.196.148
Connecting to www.gl.....a.com (www.gl.....a.com)|66.230.196.148|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2014-10-31 09:38:24 ERROR 403: Forbidden.

aim-server[~/tmp]$ wget http://www.gl.....a.com/xcart/include
--2014-10-31 09:38:28-- http://www.gl.....a.com/xcart/include
Resolving www.gl.....a.com (www.gl.....a.com)... 66.230.196.148
Connecting to www.gl.....a.com (www.gl.....a.com)|66.230.196.148|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2014-10-31 09:38:28 ERROR 403: Forbidden.


The correct dirs are
http://www.gl.....a.com/xcart/include
http://www.gl.....a.com/xcart/include/func
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group

The following user thanks aim for this useful post:
karinel (10-31-2014)
#66
10-30-2014, 09:44 PM
aim
Advanced Staff Users
X-Cart team
Join Date: Dec 2008
Posts: 928

Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by donmck
Hi Ksenia, Vladimir, and others,

To make 100% sure I am not misinterpreting the information provided, if I have an XCart Version 4.0.17, which is earlier than Version 4.2.2 you quoted, then I do not need to do anything to my XCart, correct?

I see another member in this thread is on V4.1.9 and asking the same questions, and I'm sure there are others either reading this thread, or about to when their cart payments stop working.

If this is the case, then I get my host provider to disable the SSLv3 protocol on my server, correct?

Thanks in advance,
Cheers Don...

You do not need to do anything for your XCart Version 4.0.17
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group

#67
10-30-2014, 09:49 PM
donmck
Senior Member
Join Date: Dec 2005
Location: Australia
Posts: 137

Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by aim
You do not need to do anything for your XCart Version 4.0.17

Thanks very much Ildar.

I'll go ahead and get the SSL dropped on my server and get back to this thread with the results.

Cheers Don...
__________________
Don McKenzie

http://www.dontronics-shop.com/
X-Cart 4.0.17 [Unix]

█ Hosting by www.totalserversolutions.com The very best home for your X-Cart. (was ewdhosting.com)

#68
10-30-2014, 09:49 PM
qualiteam
X-Guru
Join Date: Dec 2010
Posts: 6,373

Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by moonslice
1) I also have many LiteCommerce ASPE 2.1 shopcarts. Will LiteCommerce carts still work if the server no longer allows sslv3?
(None of the LC carts use payment gateways)

2) Are there patches for the LiteCommerce ASPE 2.1 files?

There are no patches for LC2 as it doesn't force SSLv3 out of the box.

However, your website has a lot of custom mods, so it makes sense to contact our support staff and let them check it.
__________________
Alex Solovev,
Qualiteam


#69
10-30-2014, 10:22 PM
donmck
Senior Member
Join Date: Dec 2005
Location: Australia
Posts: 137

Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by aim
You do not need to do anything for your XCart Version 4.0.17

Just contacted my web host, and received this reply. Please advise.

Cheers Don...

==========================================

I would recommend you to contact X-cart to confirm about the recommended curl version in your server. From what I can see, you are having an old CentOS version : CentOS release 5.11 (Final) and the latest available version of Curl is 7.15.5.

# curl --version
curl 7.15.5

Your server is already running latest version of the curl available for your Operating System and you will need to update to a newer OS and server for upgrading the curl version. It does appear several core functions may be tied into this curl version that can't be updated without a lot of headache in your current operating system. I do know that in order to obtain the latest openssl version that supports the newer TLS 1.1 and 1.2 versions you must upgrade to CentOS 6.

Please confirm these, so we can disable SSLv3.

-----
Thomas Joy
Technical Support Specialist
Total Server Solutions
__________________
Don McKenzie

http://www.dontronics-shop.com/
X-Cart 4.0.17 [Unix]

█ Hosting by www.totalserversolutions.com The very best home for your X-Cart. (was ewdhosting.com)

#70
10-30-2014, 10:38 PM
aim
Advanced Staff Users
X-Cart team
Join Date: Dec 2008
Posts: 928

Re: POODLE vulnerability in SSLv3

Quote:
Originally Posted by donmck
Just contacted my web host, and received this reply. Please advise.

Cheers Don...

==========================================

I would recommend you to contact X-cart to confirm about the recommended curl version in your server. From what I can see, you are having an old CentOS version : CentOS release 5.11 (Final) and the latest available version of Curl is 7.15.5.

# curl --version
curl 7.15.5

Your server is already running latest version of the curl available for your Operating System and you will need to update to a newer OS and server for upgrading the curl version. It does appear several core functions may be tied into this curl version that can't be updated without a lot of headache in your current operating system. I do know that in order to obtain the latest openssl version that supports the newer TLS 1.1 and 1.2 versions you must upgrade to CentOS 6.

Please confirm these, so we can disable SSLv3.

-----
Thomas Joy
Technical Support Specialist
Total Server Solutions


X-Cart works properly with the last
curl 7.38.0
libcurl/7.38.0
OpenSSL/1.0.1j
libs

So you have to upgrade to CentOS 6 as advised.

Please take into account Intershipper issues for the last curl/OpenSSL libs
http://us1.campaign-archive2.com/?u=8f406bcb33564cce3343fee6e&id=7b9a827fc0&e=[UNIQID]
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group
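
The version gap discussed in posts #69 and #70 (curl 7.15.5 on CentOS 5.11 versus curl 7.38.0 with OpenSSL 1.0.1j) can be read off the first line of `curl --version`. The script below is an added example, not part of any post or of X-Cart; the thresholds (OpenSSL 1.0.1 for TLS 1.1/1.2, curl 7.34.0 for the `--tlsv1.1`/`--tlsv1.2` options), the verdict names and the sample banners are assumptions supplied here.

```sh
#!/bin/sh
# Added example (not from the thread): classify a `curl --version` banner by TLS capability.
# Assumed thresholds: OpenSSL 1.0.1 introduced TLS 1.1/1.2; curl 7.34.0 introduced
# the --tlsv1.1 / --tlsv1.2 selectors.

# ver_ge A B: succeed when dotted version A >= B; letter suffixes ("1j") are ignored.
ver_ge() {
    a=$1 b=$2
    for n in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# tls_verdict BANNER: print one verdict for the first line of `curl --version`.
tls_verdict() {
    curl_v=$(printf '%s\n' "$1" | sed -n 's/^curl \([0-9][0-9.]*\).*/\1/p')
    ossl_v=$(printf '%s\n' "$1" | sed -n 's/.*OpenSSL\/\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$curl_v" ]; then echo "not-a-curl-banner"; return 0; fi
    # curl can be built against NSS, GnuTLS, etc.; this check only knows OpenSSL.
    if [ -z "$ossl_v" ]; then echo "unknown-tls-backend"; return 0; fi
    # Older OpenSSL tops out at TLS 1.0, whatever the curl version.
    if ! ver_ge "$ossl_v" 1.0.1; then echo "tls1.0-at-most"; return 0; fi
    # Library can do TLS 1.2; only newer curl can request it explicitly.
    if ver_ge "$curl_v" 7.34.0; then echo "tls1.2-selectable"; else echo "tls1.2-library-only"; fi
}

# Constructed sample banners: the thread quotes only "curl 7.15.5" and the
# curl 7.38.0 / OpenSSL 1.0.1j pairing; the rest of each line is made up.
OLD='curl 7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3'
NEW='curl 7.38.0 (x86_64-unknown-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1j zlib/1.2.8'
NSS='curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16 zlib/1.2.3'

for line in "$OLD" "$NEW" "$NSS"; do
    printf '%-22s %s\n' "$(tls_verdict "$line")" "${line%% (*}"
done
# To check the local install instead: tls_verdict "$(curl --version | head -n 1)"
```

A `tls1.0-at-most` verdict means the client can still connect once SSLv3 is disabled only where the peer accepts TLS 1.0 and the application does not force SSLv3 itself.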
All times are GMT -8.