Cybersource Developer Community Cybersource Developer Community

dant · ‎12-12-2017

Our app in our staging environment connects successfully to A.net's sandbox and works as expected, but I'd like to double-verify we're connecting via TLS 1.2 in our stage and production environment prior to the Feb. 28 deadline.

On the Authorize.net PHP SDK page on GitHub (https://github.com/AuthorizeNet/sdk-php), the instructions below are offered for testing, but can you provide some advice on where to position this snippet to generate the response. For example, I positioned the snippet in the footer of the web app and this was the response: {"messages":{"resultCode":"Error","message":[{"code":"E00003","text":"Root element is missing."}]}} That leads me to believe it's not in the right context within the app.

I've inherited the app in question and still getting up-to-speed on it, so I appreciate a little extra direction.

Thanks!

To test whether your current installation is capable of communicating to our servers using TLS 1.2, run the following PHP code and examine the output for the TLS version:

<?php
    $ch = curl_init('https://apitest.authorize.net/xml/v1/request.api');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    $data = curl_exec($ch);
    curl_close($ch);

Anurag · ‎12-12-2017

Hi @dant

The below link should be helpful in it .

https://stackoverflow.com/questions/27904854/verify-if-curl-is-using-tls

Send feedback at developer_feedback@authorize.net

bhav · ‎12-12-2017

@Anurag you beat me to it :-)

@dant Please look into the link for similar issue that got resolved for root element missing issue - https://community.developer.authorize.net/t5/Integration-and-Testing/XML-Problem-E00003-Root-Element...

dant · ‎12-13-2017

Thanks for the info, but I still haven't broken through. Here's how I have the test constructed now:

	<?php	
		$ch = curl_init('https://apitest.authorize.net/xml/v1/request.api');
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_VERBOSE, true);
		$data = curl_exec($ch);
		curl_close($ch);
		$json = json_decode($data);
		echo "TLS info: " . $json->tls_version;
		echo "<br>";
		$curl_info = curl_version();
		echo "Curl info: " . $curl_info['ssl_version'];	
	?>

Which returns:

TLS info:
Curl info: NSS/3.28.4

When I swap in a new endpoint in place of A.net test as follows:

	<?php	
		$ch = curl_init('https://www.howsmyssl.com/a/check');
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_VERBOSE, true);
		$data = curl_exec($ch);
		curl_close($ch);
		$json = json_decode($data);
		echo "TLS info: " . $json->tls_version;
		echo "<br>";
		$curl_info = curl_version();
		echo "Curl info: " . $curl_info['ssl_version'];	
	?>

It returns:

TLS info: TLS 1.2
Curl info: NSS/3.28.4

Which looks to me like the code is correct (and we're good with CURL version) but the connection to https://apitest.authorize.net/xml/v1/request.api isn't happening or a response isn't being sent back.

Any thoughts?

NexusSoftware · ‎12-14-2017

Hello @dant,

Using https://apitest.authorize.net/xml/v1/request.api as an endpoint, isn't going to return any TLS information, because that is not part of their JSON response.

Considering your response from https://www.howsmyssl.com/a/check, it looks like your TLS is fine.

The response of {"resultCode":"Error","message":[{"code":"E00003","text":"Root element is missing."}]}} is due to the appropriate XML not being posted as part of that particular request.

To be sure your production environment is ready for the TLS change, just use the sandbox endpoint and login information with your application in your production environment. If you receive a successful response, you are good to go.

Powered by NexWebSites.com -
Certified Authorize.net developers

Cybersource Developer Community Cybersource Developer Community

Assist with TLS 1.2 check