Reply
Member
Posts: 2
Registered: ‎12-12-2017

Assist with TLS 1.2 check

Our app in our staging environment connects successfully to A.net's sandbox and works as expected, but I'd like to double-verify we're connecting via TLS 1.2 in our stage and production environment prior to the Feb. 28 deadline.

 

On the Authorize.net PHP SDK page on GitHub (https://github.com/AuthorizeNet/sdk-php), the instructions below are offered for testing, but can you provide some advice on where to position this snippet to generate the response. For example, I positioned the snippet in the footer of the web app and this was the response: {"messages":{"resultCode":"Error","message":[{"code":"E00003","text":"Root element is missing."}]}} That leads me to believe it's not in the right context within the app.

 

I've inherited the app in question and still getting up-to-speed on it, so I appreciate a little extra direction.

 

Thanks!

 


To test whether your current installation is capable of communicating to our servers using TLS 1.2, run the following PHP code and examine the output for the TLS version:

<?php
    $ch = curl_init('https://apitest.authorize.net/xml/v1/request.api');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    $data = curl_exec($ch);
    curl_close($ch);
Posts: 333
Kudos: 73
Solutions: 36
Registered: ‎03-13-2017

Re: Assist with TLS 1.2 check

Hi @dant

 

The below link should be helpful in it . 

 

https://stackoverflow.com/questions/27904854/verify-if-curl-is-using-tls





Send feedback at developer_feedback@authorize.net
Authorize.Net Expert
Posts: 84
Registered: ‎11-16-2017

Re: Assist with TLS 1.2 check

@Anurag you beat me to it :-)

 

@dant  Please look into the link for similar issue that got resolved  for root element missing issue -  https://community.developer.authorize.net/t5/Integration-and-Testing/XML-Problem-E00003-Root-Element...

 

Member
Posts: 2
Registered: ‎12-12-2017

Re: Assist with TLS 1.2 check

Thanks for the info, but I still haven't broken through. Here's how I have the test constructed now:

 

 

	<?php	
		$ch = curl_init('https://apitest.authorize.net/xml/v1/request.api');
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_VERBOSE, true);
		$data = curl_exec($ch);
		curl_close($ch);
		$json = json_decode($data);
		echo "TLS info: " . $json->tls_version;
		echo "<br>";
		$curl_info = curl_version();
		echo "Curl info: " . $curl_info['ssl_version'];	
	?>

 

Which returns: 

TLS info: 
Curl info: NSS/3.28.4

 

When I swap in a new endpoint in place of A.net test as follows:

 

	<?php	
		$ch = curl_init('https://www.howsmyssl.com/a/check');
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_VERBOSE, true);
		$data = curl_exec($ch);
		curl_close($ch);
		$json = json_decode($data);
		echo "TLS info: " . $json->tls_version;
		echo "<br>";
		$curl_info = curl_version();
		echo "Curl info: " . $curl_info['ssl_version'];	
	?>

It returns:

 

TLS info: TLS 1.2
Curl info: NSS/3.28.4

 

Which looks to me like the code is correct (and we're good with CURL version) but the connection to https://apitest.authorize.net/xml/v1/request.api isn't happening or a response isn't being sent back. 

 

Any thoughts?

Posts: 492
Topics: 0
Kudos: 99
Blog Posts: 0
Ideas: 0
Solutions: 42
Registered: ‎04-28-2017

Re: Assist with TLS 1.2 check

[ Edited ]

Hello @dant,

 

Using https://apitest.authorize.net/xml/v1/request.api as an endpoint, isn't going to return any TLS information, because that is not part of their JSON response.

 

Considering your response from https://www.howsmyssl.com/a/check, it looks like your TLS is fine.

 

The response of {"resultCode":"Error","message":[{"code":"E00003","text":"Root element is missing."}]}} is due to the appropriate XML not being posted as part of that particular request.

 

To be sure your production environment is ready for the TLS change, just use the sandbox endpoint and login information with your application in your production environment. If you receive a successful response, you are good to go.

 

 

Powered by NexWebSites.com -
Certified Authorize.net developers