Post by Evilonion » Wed Jan 03, 2018 9:57 pm

Any ideas how i can overcome this issue in my error logs?
Im using paypal Iframe as the payment method
Full SSL is forced across the entire site.

2018-01-03 13:51:17 - PHP Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /var/sites/f/website.co.uk/public_html/newshop/system/library/encryption.php on line 23

Active Member

Posts

Joined
Sun Oct 30, 2016 8:07 pm

Post by straightlight » Thu Jan 04, 2018 6:44 am

Contact your host to upgrade your PHP v5.6 as well as the most compatible mySQLi library version. Your PHP version is outdated to support vector iv's security compliance.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by OSWorX » Wed Feb 07, 2018 5:14 am

While this tip is nice, it will not solve your problem.
Because this is based on the way how the current encryption class works.

And this class simply does not use Initialization Vector (iv).

That means, either fill your log with stupid messages - or rework the encryption class to be 100% compatbile with current standards.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by juliusnkemdiche » Wed Feb 14, 2018 7:20 pm

@EVILON, were you able to find a solution for this? I've experiencing the same issue.


Posts

Joined
Wed Dec 13, 2017 11:17 pm


Post by straightlight » Thu Feb 15, 2018 5:53 am

juliusnkemdiche wrote:
Wed Feb 14, 2018 7:20 pm
@EVILON, were you able to find a solution for this? I've experiencing the same issue.
The solution is posted ... right above: viewtopic.php?f=202&t=200897#p709367

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by straightlight » Sun Jun 10, 2018 8:19 pm

That means, either fill your log with stupid messages - or rework the encryption class to be 100% compatbile with current standards.
Done. An updated solution has been posted here: viewtopic.php?f=198&t=204707&p=725370#p725077

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: No registered users and 393 guests