Reply
Posts: 321
Topics: 5
Kudos: 37
Blog Posts: 5
Ideas: 0
Solutions: 26
Registered: ‎11-09-2011

Re: SSL Timeout Connecting to Sandbox

@peter, we rolled back the LOW ciphers that were installed. That was the only change.

Are you forcing SSL v3 in your code?

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Posts: 321
Topics: 5
Kudos: 37
Blog Posts: 5
Ideas: 0
Solutions: 26
Registered: ‎11-09-2011

Re: SSL Timeout Connecting to Sandbox

So is the consensus that last night's removal of LOW ciphers didn't help those who couldn't connect?

If so I will report this and we'll probably reverse ALL the changes we attempted for the short term.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Member
Posts: 1
Registered: ‎06-04-2014

Re: SSL Timeout Connecting to Sandbox

@Lilith, we still can not connect. Our test suite is completely broken since Monday. and we made no code change on our end. 

Member
Posts: 7
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

What are you going to do for implementations that cannot force SSLv3 in their code?

 

Our whole implementation uses Debian 7.

We don't have the option to upgrade from 1.0.1e to unstable 1.0.1g.

We're using a library that doesn't give us control to change the SSL version of the request.

 

I understand security issues, but the server should be capable of negotiating the appropriate security.

 

This implementation has serious implications to a large portion of web hosts. Shouldn't this update have been applied so that there is no negative repercussions to the clients? What is the timeline for the launch of this change to the production server?

 

If we don't have the control to change our environment, and these changes are going to break it, then what are we supposed to do?

Posts: 321
Topics: 5
Kudos: 37
Blog Posts: 5
Ideas: 0
Solutions: 26
Registered: ‎11-09-2011

Re: SSL Timeout Connecting to Sandbox

@bmoore, as I stated, we're probably going to reverse all the changes. It's not clear when or if this will reach Production.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Member
Posts: 7
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

@Lilith Thank you. Is there any information about the timeline for the reversal? All of our development is completely halted until this is fixed (which means significant $ lost).

 

For the record: I've been dealing with customer support, and apparently they're not allowed to help except for reading the manual for you. Jerry was the first helpful person I could reach who was able to give me any information about authorize.net. As an employee of a paying customer of an internet company, I would expect the at least some level of direct technical support above that of a developer moderated forum. As a developer that cannot get technical support, nor information, on a server level issue for over 24 hours is a bit unsettling.

Contributor
Posts: 12
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

It still doesn't work for me unless I add curl_setopt($curl_request, CURLOPT_SSLVERSION, 3);

Member
Posts: 9
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

I had to dive in to WordPress core and change 

 

$connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host;

 

to sslv3

 

This modifies core code, i'll have to find a work around but forcing sslv3 in class-http.php worked. I was not able to force sslv3 in my apache global config for some reason.

Member
Posts: 7
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

Modifying core should not be an option. As far as I'm concerned, this isn't solved. When will the changed be reversed?

Member
Posts: 7
Registered: ‎06-03-2014

Re: SSL Timeout Connecting to Sandbox

I understand handling these issues takes time, but is there an estimate about when these issues are going to be rolled back?