Since the sandbox (https://test.authorize.net/gateway/transact.dll) now has SSLv3 disabled, I figured it was a good time to test against it, to ensure we're ready for Nov 4.
We're using homegrown PHP/cURL solution since this was written before the SDK existed.
Test 1: simply direct a test version of our payment code to the sandbox, of course using sandbox credentials.
- success!
Test 2: add a cURL directive forcing TLS, just in case: curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
- success!
Wait, can it be that easy? We're using an old version of cURL (7.15.x) that I wasn't even aware it supported TLS!
Can you fine folks give me a sanity check? Since SSLv3 is already disabled in the sandbox, if I'm successfully able to connect and process there, then I should be set for Nov 4, correct? (Obviously, assuming all else remains constant...)
Thanks!
โ10-30-2014 09:09 PM
I think you're right on track. If you can connect to Sandbox, then your setup is favoring TLS, possibly forcing TLS outright.
Do bear in mind that libcurl, the programming library for accessing cURL, can be compiled to use a number of security libraries, including OpenSSL, SChannel, and others. Despite the age of your installation of cURL, it could be using a more up-to-date security library.
A list of all the possible programming libraries for libcurl may be found here: http://curl.haxx.se/docs/ssl-compared.html
If you run the command curl -V it should tell you which security libraries it's using.
โ10-31-2014 01:21 PM