Reply
Member
Posts: 9
Registered: ‎09-09-2015

Re: Your Script Timed Out / Relay Response Never Posts using SIM

[ Edited ]

@matterickson7Sorry, I'm not much of a security expert either. Our System Admin went through and disabled the TLS 1.0 and 1.1 on a bunch of our Windows 2012 Servers over the summer and I just piggy backed off one of those. 

Member
Posts: 7
Registered: ‎11-27-2017

Re: Your Script Timed Out / Relay Response Never Posts using SIM

When they put us on their payroll!

Contributor
Posts: 18
Registered: ‎11-13-2017

Re: Your Script Timed Out / Relay Response Never Posts using SIM


@matterickson7 wrote:

It sounds like it is worth trying.  I can easily stand up a new server and point the Authorize relay reposnses to it ... 

 

So I am not a security expert ... what is involved in upgrading from 1.0 to 1.2?  Any good technical references?


The server we use is 2008 and these are the steps I followed: https://support.quovadisglobal.com/kb/a433/how-to-enable-tls-1_2-on-windows-server-2008-r2.aspx

Member
Posts: 1
Registered: ‎11-28-2017

Re: Your Script Timed Out / Relay Response Never Posts using SIM

[ Edited ]

@sboyle wrote:

I created an intermediate app on a server with TLS 1.2 to relay any post's coming back from Auth.net to my app that can only use TLS 1.0. I have had exactly 0 errored transactions since I did this 8 days ago.

 

I asked the call center no less than 3 times if the TLS upgrades could be causing this issue and the furisouly denided it.  Seems like somebody needs dig deeper on Auth.net's end.

 

Seems like the solution is to upgrade your host server to have TLS 1.2 as the primary cipher



@sboyleI have a Linux server that cannot be easily upgraded to TLS 1.2. 

 

Could you share more information on how you created the intermediate app? 

Member
Posts: 9
Registered: ‎09-09-2015

Re: Your Script Timed Out / Relay Response Never Posts using SIM

My solution is .NET specific. I found this stackoverflow post on how to copy and relay POST messages (the answer with the checkmark). I then wrote a simple MVC web app and put it on the TLS 1.2 server. The web app receives the x_relay_url POST back from Auth.net, copies the POST body and then relays it on to my app server.

Member
Posts: 7
Registered: ‎11-27-2017

Re: Your Script Timed Out / Relay Response Never Posts using SIM

We were pretty much in the same boat though we have a new server almost ready to go, though that wasn't really relevent.

We set up a VM on the new server, running apache.  xxxx.yourdomain.com  You don't need a VM, we are just configuring this server with compartmentalized VMs so it worked well.  Used certbot to set up a free ssl cert on the new machine.  All we needed to do then is move the script that gets the response  from auth.net to the new server.  Change the response relay URL to https://xxxx.yourdomain.com/anetresponse.php and then have it send whatever you need to the old server.  In our case, it was a bit easier because the VM could actually write the db entries in postgres directly and all the references on the page were fully qualified URLs. (Pretty rare for me, lol)

The jury is still out since we just did this a short time ago, but live tested it and have had a few transactions go through without a problem. You could certainly test in sandbox too, we were just time constrained.

Only note is we had to turn on Secure client renegotiation on the new server. I'll revisit that tomorrow but we were getting an error before we did that. Might be that it was started on a different server.

 

Solution
Accepted by topic author matterickson7
‎11-30-2017 07:38 AM
Posts: 2,765
Topics: 57
Kudos: 248
Blog Posts: 67
Registered: ‎12-05-2011

Re: Your Script Timed Out / Relay Response Never Posts using SIM

Hello @matterickson7 @MikeCO @sboyle @lmckeega @BenPutnam

 

Thank you for your patience.  We heard back today from operations that some of our servers used for Relay Response were modified to require TLS 1.2.  An investigation is underway to determine why this change was made, and when, but in the mean time we've removed those servers from service which should mitigate the issue for now.

 

We apologize for any inconvenience this has caused and applaud you for your persistence.

 

Richard

 

 

Contributor
Posts: 18
Registered: ‎11-09-2017

Re: Your Script Timed Out / Relay Response Never Posts using SIM

Good news!

 

I had switched over to TLS 1.2 yesterday and we haven't had an issue since ... now is that because Authorized fixed their issue ... or because of our change?  ugh.

 

Thanks to all who helped us get to resolution!

 

RichardH ... do you know what time you made the change?

 

Matt

Contributor
Posts: 18
Registered: ‎11-09-2017

Re: Your Script Timed Out / Relay Response Never Posts using SIM

@RichardHDo you know what time the servers were taken out of service?  I would like to know if our servers were actually working under TLS 1.2 or if it was a timing coincidence that I made the change but you moved the servers our of production.

 

If my servers never ran under TLS 1.2 then I will need to do more testing ... 

Posts: 2,765
Topics: 57
Kudos: 248
Blog Posts: 67
Registered: ‎12-05-2011

Re: Your Script Timed Out / Relay Response Never Posts using SIM

@matterickson7

 

We're still waiting for more details on when and why the change was made, but we've not heard any additional details.  Operations is using information from this thread to help isolate the time line.

 

Richard