developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

SSL Timeout Connecting to Sandbox

The CIM API is timing out for us.  Is anyone else having this issue or is it just us?

5 people had this problem.
gmarlett
Contributor

‎06-03-2014 10:15 AM - last edited on ‎06-03-2014 12:01 PM by Administrator Administrator

0 Kudos
Reply
74 REPLIES 74

This is what our VPS runs.

 

Server Type: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4

peter
Member
In response to Lilith

‎06-03-2014 12:08 PM

0 Kudos
Reply

It's a vagrant box that says:

 

$ openssl version

OpenSSL 1.0.1f 6 Jan 2014

 

PHP reports the same version of ssl.  It's as far upgraded as a dist-upgrade and an apt-get update; apt-get upgrade will do on my vagrant VM.

bbot
Member
In response to peter

‎06-03-2014 12:28 PM

0 Kudos
Reply

Thanks. We suspect at this point that it may be specific to OpenSSL and the SSL versions enabled in it.

Can you force OpenSSL to use SSL v3 or TLS 1.0?

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Lilith
Administrator Administrator
Administrator
In response to peter

‎06-03-2014 12:33 PM

0 Kudos
Reply

I'm honestly not sure how to go about doing that... any tips for an ubuntu/debian environment running apache/php?

bbot
Member
In response to Lilith

‎06-03-2014 12:38 PM

0 Kudos
Reply

Is this issue going to impact the live Authorize.net at some point?  Our production server is using OpenSSL 1.0.1e-fips

gmarlett
Contributor
In response to bbot

‎06-03-2014 12:46 PM

0 Kudos
Reply

Hello, I'm having the same issue as mentioned in this post. I contacted the support technicians and was directed here. I'd like to point out that I have three people here in this office, myself included, all running "OpenSSL 0.9.8y 5 Feb 2013". It worked just fine when I left, then this morning when everyone booted up their machines my two fellow workers could not send requests, however I could. I'm the only one who hasn't turned off their machine since then, and I can still send requests without the SSL error. No clue what's going on, any advise would be helpful. Seems to me like there's some sort of weird caching going on or something. 

lethjakman
Member

‎06-03-2014 12:53 PM

0 Kudos
Reply

My co-developer upgraded his WAMP to OpenSSL/1.0.1g and the issue does not occur.

gmarlett
Contributor
In response to lethjakman

‎06-03-2014 01:10 PM

Reply

I wish I could upgrade...

 

according to http://askubuntu.com/questions/449184/how-to-upgrade-openssl-1-0-1f-on-ubuntu-server-14-04 it looks like the 1.0.1f included in ubuntu 14.04 has been patched to fix the heartbleed bug, but still doesn't work with ADN

bbot
Member
In response to gmarlett

‎06-03-2014 01:38 PM

0 Kudos
Reply

I'm about to try to upgrade our production server to it (CentOS).  I'll let you know if I'm able to.

gmarlett
Contributor
In response to bbot

‎06-03-2014 01:46 PM

0 Kudos
Reply

OpenSSL/1.0.1g doesn't make any difference on OSX. Same exact error. 

lethjakman
Member

‎06-03-2014 01:48 PM

0 Kudos
Reply
Copyright © 2024 Khoros, LLC