Posts: 321
Topics: 5
Kudos: 37
Blog Posts: 5
Ideas: 0
Solutions: 26
Registered: ‎11-09-2011

Re: SSL Timeout Connecting to Sandbox

@bbot: I believe there is a directive in httpd.conf, SSLProtocol, where you can force this. As our servers currently support SSL v3 and TLS 1.0, you'd use "SSLProtocol +SSLv3 +TLSv1". The directive is better documented at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol so you may want to reference against that. Also, you may want to check your code base in case there is a call to the SSLProtocol directive that supersedes what is in httpd.conf.

@gmarlett: The original plan was to make the same changes in our new Production environment which isn't yet taking API traffic. I'm keeping our management and development teams informed so we can determine the best way to phase this in with minimal impact. Good to hear that upgrading to OpenSSL 1.0.1g fixed the issue in Sandbox.

@lethjakman: I suspect you have a persistent connection to the Transact servers in Sandbox, so you wouldn't see the change until you reconnected.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

Re: SSL Timeout Connecting to Sandbox

@lethjakman: Which SSL protocols are enabled in httpd.conf currently?

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Member
Posts: 5
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

Adding:

        curl_setopt($curl_request, CURLOPT_SSLVERSION, 3);

to line 93 of AuthorizeNetRequest.php in the PHP API fixed the problem. Thank you for your help.

Contributor
Posts: 12
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

I quickly tested our production server with the sandbox (it's not really in production yet).  It is using openssl-1.0.1e-16.el6_5.7.x86_64.  It did not have the problem.


Re: SSL Timeout Connecting to Sandbox

@gmarlett: Which protocols are configured on that 1.0.1e setup?

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Member
Posts: 9
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

I tried changing httpd.conf to force SSLv3 and TLS 1 but it didn't work.

Contributor
Posts: 12
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

This is in the ssl.conf file (I want to reiterate that this *is* working with the Sandbox)

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# enable only secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!ADH
# Use this instead if you want to allow cipher upgrades via SGC facility.
# In this case you also have to use something like
# SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2
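
Added example (not part of any post in this thread, and not Apache or Authorize.Net code): a Python evaluation of an SSLProtocol value the way mod_ssl 2.2 reads it, token by token from left to right, applied to the two values quoted in this thread and compared with the peer set stated above (SSL v3 and TLS 1.0). The function names, the `ASSUMED_ALL` expansion of `all` and the last two sample values are assumptions constructed for illustration; what `all` covers depends on the httpd and OpenSSL build.

```python
# Added example: evaluate an Apache mod_ssl SSLProtocol value left to right.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # oldest to newest

# Assumption: what "all" expands to depends on the httpd and OpenSSL build;
# adjust this set to match the build being checked.
ASSUMED_ALL = frozenset(ORDER)


def effective_protocols(value, all_set=ASSUMED_ALL):
    """Return the set of protocols an SSLProtocol value leaves enabled."""
    names = {p.lower(): p for p in ORDER}  # protocol names are case-insensitive
    enabled = set()
    for token in value.split():
        action = token[0] if token[0] in "+-" else ""
        word = token[len(action):].lower()
        if word == "all":
            chosen = set(all_set)
        elif word in names:
            chosen = {names[word]}
        else:
            raise ValueError("illegal protocol %r" % token)
        if action == "+":
            enabled |= chosen
        elif action == "-":
            enabled -= chosen
        else:
            enabled = chosen  # a bare token replaces everything before it
    return enabled


def highest_shared(local, peer):
    """Newest protocol both sides enable, or None when there is no overlap."""
    shared = [p for p in ORDER if p in local and p in peer]
    return shared[-1] if shared else None


# Peer set as stated in the thread: SSL v3 and TLS 1.0.
PEER = {"SSLv3", "TLSv1"}

if __name__ == "__main__":
    # First two values are quoted in the thread; the last two are constructed
    # to show a configuration with no overlap and that token order matters.
    for value in ("+SSLv3 +TLSv1", "all -SSLv2", "all -SSLv3 -TLSv1", "-SSLv2 all"):
        enabled = effective_protocols(value)
        print("%-20s enabled=%s highest shared=%s" % (
            value, sorted(enabled, key=ORDER.index), highest_shared(enabled, PEER)))
```
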


Re: SSL Timeout Connecting to Sandbox

@peter: Which version of OpenSSL are you using? And which ciphers are enabled?
--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Member
Posts: 5
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

I'm currently using nginx with rails. I don't believe I have an httpd.conf. No? Weird thing is...they'd all be running exactly the same one if there were one. I'm just using Phusion Passenger with "passenger start"

Member
Posts: 9
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

Server Type: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH