If you have a VPS server with WHM here is how you can quickly turn off SSLv3 (and SSLv2) http://www.liquidweb.com/kb/how-to-disa ... rom-poodle
If you need SSLv3 for some reason you can scope TLS_FALLBACK_SCSV support instead. Better off just cutting ties with v3 though since old head IE6 on WinXP has no concept of new protocol or standards. Darned if you do, Darned if you don't. It's time to finally move beyond old IE on XP support.
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
If your server and legacy ciphers are good, you should score a grade B no problem. Shameless promotion, here is what the results should look like and how high you can score using a buttoned up server + SSL & Secure Policies manager, even when using SNI (coming soon to extension market)
Attachment: a-plus.png - Modern SSL Env + FORCED + HSTS + CSP + Fallbacks = Institution Grade OC
My server that OpenCart is installed on does not support SSL v2 or SSL v3
Does OpenCart use either?
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON'T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
@HealthWyze
Apparently there is a fix in progress for Paypal to make IPN successful, although at this point it's unclear to me whether it's server side, OC side, or Paypal side. They made a new thread to discuss it here: http://forum.opencart.com/viewtopic.php?f=179&t=132859 Could you share what paypal module you are using as well as any other data like your hosting company for James and crew?
Been using Paypal payments standard (the one that uses just an email) and it seems to work fine, although it *could* be related to the Cipher suite. Many hosts are just TLS possibly without providing a backwards compatible suite. In the thread mentioned above, I shared the ciphers that seem to work, at least with that Paypal IPN method. http://forum.opencart.com/viewtopic.php ... 59#p523913
@Randem & @chchris99
As far as default OC itself, not counting 3rd party stuff like Paypal IPN (which is like an API), there doesn't seem to be any issue with TLS 1.0+. Not saying anything will rear its head, but if you are experiencing issues with core components of OC, it is probably host related. Is anyone else running into things?
I am using PayPal Standard on a dedicated server, running CentOS 6.0, so we have total control. I tried using your cipher suite, but that didn't fix it. Here are our current SSL settings in Apache:
SSLEngine on
SSLProtocol All -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA256:TLS_RSA_WITH_AES_128_CBC_SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:AES128:AES256:ECDHE-ECDSA-AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK"
http://healthwyze.org/index.php/compone ... l-ipn.html
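An added example (not code from any poster in this thread): a small Python check over the SSLProtocol and SSLCipherSuite directives quoted above, showing which legacy protocols a directive still leaves enabled. The expansion of `All` per Apache version and the handling of unsigned tokens are modeled assumptions, and `enabled_protocols` and `audit` are hypothetical helper names.

```python
import re

# Assumption: what the "All" shortcut expands to in each mod_ssl generation.
# Apache 2.2 (the CentOS 6 line) still counts SSLv2; Apache 2.4 does not.
ALL = {"2.2": {"SSLv2", "SSLv3", "TLSv1"},
       "2.4": {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}}
CANON = {p.lower(): p for p in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")}
LEGACY = {"SSLv2", "SSLv3"}

def enabled_protocols(directive, apache="2.2"):
    """Evaluate an SSLProtocol directive left to right; return enabled protocols."""
    enabled = set()
    for token in directive.split()[1:]:
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            group = set(ALL[apache])
        elif name in CANON:
            group = {CANON[name]}
        else:
            raise ValueError(f"unknown protocol token: {token}")
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group  # modeled here: an unsigned token replaces the set
    return enabled

def audit(config_text, apache="2.2"):
    """Return findings for the SSLProtocol / SSLCipherSuite lines in config_text."""
    findings = []
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "sslprotocol":
            for proto in sorted(enabled_protocols(line, apache) & LEGACY):
                findings.append(f"SSLProtocol leaves {proto} enabled")
        elif key == "sslciphersuite":
            for suite in value.strip('"').split(":"):
                if re.match(r"(TLS|SSL)_", suite):
                    findings.append(f"{suite}: IANA-style name, check with 'openssl ciphers'")
    return findings

# Directives as posted in the thread (cipher list abbreviated), then a tightened protocol line.
POSTED = 'SSLProtocol All -SSLv3\nSSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:TLS_RSA_WITH_AES_128_CBC_SHA:HIGH:!aNULL"'
TIGHTENED = 'SSLProtocol All -SSLv2 -SSLv3\nSSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:HIGH:!aNULL"'

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("tightened", TIGHTENED)):
        print(label, audit(cfg) or "no findings")
```

Pass `apache="2.4"` to evaluate the same directives against the newer `All` expansion.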
I also got a mail from paypal regarding SSL 3.0.
As per details provided, updates have been done on sandbox so we can test our system with sandbox. If it is working fine with no error, it will work fine on paypal upgraded system as well which is going to be implemented in Dec.
I chose sandbox mode in paypal payment options in opencart and then ran a test transaction which ran successfully with no error.
I assume my system is fine and I do not need to change.
You guys can also test it with sandbox.
Thanks
pooja
www.linensncurtains.com
We too have come across this with Paypal recently. We are on a shared hosting package with TSOHost - It's cheap and seems to do the job for us. I have been on the SSLLabs website and it says that we are vulnerable to SSLv3 attacks... However when I spoke with TSOHost yesterday they said they have disabled it on all of their servers, so does this mean that we are okay? The guy at TSOHost said that we may need to change something on our side also, but gave no indication as to what?
I am not technically gifted in such areas, and any assistance would be greatly appreciated.
Best regards,
Luke