Authorize.net SSL Changeover

**rbobzin** · 13 Feb 2009, 01:54 AM

Just received this from Auth.net:

During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.

Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.

If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.

For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.

I checked with our web host, who said the new protocol is not a problem for them, but warned me to check out our ecom app.

So, does anyone know if this will cause any problems with our Zen Cart 1.3.8a sites?

Thanks.

**Merlinpa1969** · 13 Feb 2009, 02:31 AM

works just fine

**TecBrat** · 13 Feb 2009, 03:39 PM

I have some old carts that do not lend themselves well to being upgraded, do you know how far back the authorize.net payment module goes with SSL 3.0 support?

**rbobzin** · 14 Feb 2009, 06:40 AM

Thanks, Merlinpa, that's good to know.

**crazycucumber** · 18 Feb 2009, 03:01 PM

Hi , does this affect a standard 1.3.8a zen-cart install , is there anything I need to do to check it is ok ?

During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.

Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.

If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.

thanks for your input

**mgraphic** · 18 Feb 2009, 07:50 PM

I got this message today direct from Authorize.net...

[FONT=Arial]Important System Notice [/FONT] Dear Authorize.Net Developer:
During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.
Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.
If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.
For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.
If you have any questions, please contact developer AT authorize DOT net.
Sincerely,
Authorize.Net

Are there any known issues with the Zen-Cart Authorize.Net AIM payment module that would interfer with current version of ZC or version 1.2.7?

**DrByte** · 18 Feb 2009, 08:25 PM

Zen Cart is not affected by this change.

However, in the (somewhat unlikely) case that your *hosting company* is using SSL 2.0 to do its CURL communications, then you'll need to get *them* to upgrade their server configs.

Originally Posted by mgraphic

Are there any known issues with the Zen-Cart Authorize.Net AIM payment module that would interfer with current version of ZC or version 1.2.7?

But, you really should be upgrading your Zen Cart ... v1.2.7 is 3 years and 9 versions old

**donplay** · 8 Mar 2009, 11:52 PM

Hi,

I got the same email notice. Is there anywhere in Zen Cart (I'm on 1.3.8) where the SSL version can explicitly be set for communications with AUTHORIZE.net (AIM)? My host has said that both SSL 2 and 3 are used on my service.

thanks,
Don

**DrByte** · 9 Mar 2009, 06:39 AM

If your host has both SSL 2 and SSL 3 available, it will auto-negotiate with the authorize.net server to determine which to use. Naturally, that means it'll select SSL 3 when authorize.net no longer supports SSL 2.

Thread: Authorize.net SSL Changeover

Thread Tools

Search Thread

Display

Will Zen Cart work with SSL 3.0?

Re: Will Zen Cart work with SSL 3.0?

Re: Will Zen Cart work with SSL 3.0?

Re: Will Zen Cart work with SSL 3.0?

Authorize.Net Payment Gateway Upgrade

Authorize.net SSL Changeover

Re: Authorize.net SSL Changeover

Re: Authorize.net SSL Changeover

Re: Authorize.net SSL Changeover

Similar Threads

v151 SSL problems - Authorize.net

Authorize.net VS SSL

SSL vs authorize.net???

Authorize.Net and SSL

Bookmarks

Bookmarks

Posting Permissions