cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Timeout Connecting to Sandbox

The CIM API is timing out for us.  Is anyone else having this issue or is it just us?

gmarlett
Contributor
74 REPLIES 74

Yes the old code (CURLOPT_SSL_VERIFYPEER, FALSE) now works (as does the new CURLOPT_SSLVERSION, 3 option). 

As I mentioned, the issue was with moving SSL termination in our network. We're working on a fix. We will have more details once we're at liberty to discuss it further. I apologize I can't say much more at this time.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

Where can we expect to see the notice about what to expect, when it's ready to be publicized?

Due to data security requirements I can only divulge so much.

The thing to bear in mind is that what we saw in Sandbox was unexpected behavior, but it also wasn't final.

 

We're working on a testing platform for what we expect to be the final configuration, and we will be asking a few of you who can troubleshoot SSL connection issues to test on that to confirm SSL termination works there. It's likely to be bear-bones, and may not even have API services, since the only thing we need to confirm is working SSL termination.

 

We are working diligently to make as little impact as possible. There should not be much if any need to make code changes, and the fact that some of you did need to make changes in Sandbox this first round has made us re-evaluate the approach and try something new. Hence the testing platform we're working on.

We'll be posting in the Community Forums when the testing platform is ready.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

I'm curious if authorize.net is affected by the new POODLE exploit in SSLv3 I'm replying here since there were changes in ciphers and a suggested work around for some was to force SSLv3.

peter
Member