SSL Timeout Connecting to Sandbox
The CIM API is timing out for us. Is anyone else having this issue or is it just us?
@bbot: I believe there is a directive in httpd.conf, SSLProtocol, where you can force this. As our servers currently support SSL v3 and TLS 1.0, you'd use "SSLProtocol +SSLv3 +TLSv1". The directive is better documented at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol so you may want to reference against that. Also, you may want to check your code base in case there is a call to the SSLProtocol directive that supersedes what is in httpd.conf.

@gmarlett: The original plan was to make the same changes in our new Production environment which isn't yet taking API traffic. I'm keeping our management and development teams informed so we can determine the best way to phase this in with minimal impact. Good to hear that upgrading to OpenSSL 1.0.1g fixed the issue in Sandbox.

@lethjakman: I suspect you have a persistent connection to the Transact servers in Sandbox, so you wouldn't see the change until you reconnected.
"Move fast and break things," out. "Move carefully and fix what you break," in.
06-03-2014 01:48 PM
@lethjakman: Which SSL protocols are enabled in httpd.conf currently?
"Move fast and break things," out. "Move carefully and fix what you break," in.
06-03-2014 01:52 PM
Adding:
curl_setopt($curl_request, CURLOPT_SSLVERSION, 3);
To line 93 of AuthorizeNetRequest.php in the PHP API fixed the problem. Thank you for your help.
06-03-2014 01:57 PM
I quickly tested our production server with the sandbox (it's not really in production yet). It is using openssl-1.0.1e-16.el6_5.7.x86_64. It did not have the problem.
06-03-2014 02:21 PM
@gmarlett: Which protocols are configured on that 1.0.1e setup?
"Move fast and break things," out. "Move carefully and fix what you break," in.
06-03-2014 02:29 PM
I tried changing httpd.conf to force SSLv3 and TLS 1 but it didn't work.
06-03-2014 02:42 PM - edited 06-03-2014 02:43 PM
This is in the ssl.conf file (I want to reiterate that this *is* working with the Sandbox)
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# enable only secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!ADH
# Use this instead if you want to allow cipher upgrades via SGC facility.
# In this case you also have to use something like
# SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2
06-03-2014 02:43 PM
"Move fast and break things," out. "Move carefully and fix what you break," in.
06-03-2014 03:00 PM
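The SSLProtocol strings quoted in the posts above ("+SSLv3 +TLSv1" and "all -SSLv2") can be evaluated to see which protocols each one leaves enabled. The Python below is an added example, not part of the thread and not Authorize.Net or Apache code; the function names, the ALL_22 set (the "all" shortcut taken as SSLv2, SSLv3 and TLSv1) and the sample text are assumptions made for illustration.

```python
# Added example: evaluates the arguments of a mod_ssl SSLProtocol directive.
# ALL_22 is an assumption: the "all" shortcut taken as SSLv2, SSLv3, TLSv1
# (builds linked against OpenSSL 1.0.1 may also include TLSv1.1/TLSv1.2).
ALL_22 = ("SSLv2", "SSLv3", "TLSv1")
DEPRECATED = {"SSLv2", "SSLv3"}  # prohibited by RFC 6176 and RFC 7568


def effective_protocols(args, all_protocols=ALL_22):
    """Return the set of protocols left enabled after every token is applied."""
    known = {p.lower(): p for p in all_protocols}
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = (token[1:] if action else token).lower()
        if name == "all":
            selected = set(all_protocols)
        elif name in known:
            selected = {known[name]}
        else:
            raise ValueError("unknown protocol token: %r" % token)
        if action == "+":
            enabled |= selected
        elif action == "-":
            enabled -= selected
        else:
            enabled = selected  # a bare token replaces whatever came before
    return enabled


def audit(config_text, all_protocols=ALL_22):
    """Yield (line_no, enabled, deprecated) for each active SSLProtocol line."""
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "sslprotocol":
            enabled = effective_protocols(parts[1], all_protocols)
            yield line_no, enabled, enabled & DEPRECATED


# Constructed sample built from the two directive forms quoted in the thread.
SAMPLE = """\
# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2
SSLProtocol +SSLv3 +TLSv1
#SSLProtocol all
"""

if __name__ == "__main__":
    for line_no, enabled, weak in audit(SAMPLE):
        print(line_no, sorted(enabled), "deprecated:", sorted(weak))
```

Pass a different `all_protocols` tuple to model a build whose "all" shortcut covers TLSv1.1 and TLSv1.2.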
I'm currently using nginx with rails. I don't believe I have an httpd.conf. No? Weird thing is...they'd all be running exactly the same one if there were one. I'm just using Phusion Passenger with "passenger start"
06-03-2014 03:13 PM
Server Type: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH
06-03-2014 03:18 PM