Authorize.net (AIM) error with cURL version 7.34.0

[billc108]

Hi folks,

I recently upgraded a client's site from 1024 bit SSL encryption to 2048 bit. The SSL Cert guys said it was required after Jan 1. We use the Authorize.net AIM gateway. It's been working fine for years.

Now we're seeing errors with all payments. The error on the payments page, after confirming the order, is:

"Communications Error - Please notify webmaster. - Your credit card could not be authorized for this reason. Please correct the information and try again or contact us for further assistance."

He was on 1.3.9, so I upgraded him to v1.5.1. Same error.

HTTPS works fine on the Admin section of the site, and on the rest of the checkout process.

I also tested with a payment form from my own site (with his Authorize credentials), and had no problem putting a payment through. So I'm pretty certain it's not the SSL Cert itself. I'm not seeing any errors in SSL log either.

One error I pulled from one of the logs is:

Comm results: 35 Unsupported SSL protocol version

which appears to have to do with cURL. I'm running curl 7.34.0, if that's a clue.

Any ideas?

[billc108]

More info:

I ran the cURL test from this thread: http://www.zen-cart.com/showthread.p...522#post408522

(on both http and https) and got good results:

You submitted the following fields and data:

Array
(
[field1] => This is a test
[statuskey] => ready
)
Data validation

Good

[lgroebe]

Bill, did you solve your problem?

If so, what was it?

Because a client of ours is suddenly experiencing the same thing. Sometime after January 25th, Authorize.net stopped working for them, and the error logs include that same "Comm results: 35 Unsupported SSL protocol version" error that your reported. Switching to SIM with SSL produces the same error, and SIM without SSL seems to work (but obviously is not useful.) A lengthy call with Authorize tech support didn't result in any answers - they claimed nothing changed for them. The frustrating thing is that we believe nothing changed on OUR end (unless there was a silent Apache/PHP/OSX rev) - certainly we installed no new certificate or anything.

--Larry

[lhungil]

If cURL version 7.34.0 is being used, there is a known bug in CURL which causes this error.

[lgroebe]

Aha. That was it. Upgrading to 7.35 fixed it.