Received this email from eProcessingNetwork and am wondering where I can get an update or a code fix.
Email they sent:
Dear Valued Merchant:
ePN is discontinuing all communication protocols using TLS v1.0 and TLS v1.1 effective June 30th, 2015. After this date, ePN will only support communications using TLS v1.2.
If you are using the ePN TDBE (Transparent Database Engine Integration) or the AuthNet Emulator to integrate with the ePN processing platform, you will be required to make a small yet significant change to the API call within your shopping carts or websites to support TLS v1.2.
Reason for change? On April 15th, 2015 the PCI Security Standards Council published PCI DSS v3.1, whereby they have mandated that SSL and early TLS cannot be used as security controls to protect payment data over public or untrusted communication channels. Entities are advised to upgrade to secure alternatives as soon as possible.
Received this information from eProcessing. Next question, where do I put this PHP line of code in OC version 1.5.5.1 and the authorizenet AIM payment module? PHP is the last line that is hi-lited yellow.
Thanks!!
Allen
API changes for .NET, Java, and cURL to enable TLS v1.2
.NET
Use the SecurityProtocol property to enable TLS v1.2.
For details on how to use the SecurityProtocol property, visit:
http://msdn.microsoft.com/en-us/library ... vs.110).as...
http://msdn.microsoft.com/en-us/library ... .110).aspx
For example, to force TLS v1.2 in a C# .NET implementation, you would use:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
JAVA
NOTE: JDK 8 will use TLS v1.2 as default: https://blogs.oracle.com/java-platform- ... ll_use_tls
For JDK 7, use the SSLContext.getInstance method to enable TLS v1.2.
For details on how to use the SSLContext.getInstance method, visit:
http://docs.oracle.com/javase/7/docs/ap ... ng.String)
http://docs.oracle.com/javase/7/docs/ap ... ang.String,...
http://docs.oracle.com/javase/7/docs/te ... SSLContext
For example, to use the default security layer provider to enable TLS v1.2, you would use:
object = SSLContext.getInstance("TLSv1.2");
To force TLS v1.2 while using Oracle’s Sun Java Secure Socket Extension (JSSE), you would use:
object = SSLConnect.getInstance("TLSv1.2", "SunJSEE");
cURL
Use the CURLOPT_SSLVERSION option to enable TLS v1.2.
For details on how to use the CURLOPT_SSLVERSION option, visit:
http://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
In cURL version 7.34.0 or later, use the following examples to force TLS v1.2:
C/C++/C#:
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
PHP:
curl_setopt($curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
Thanks!!
Allen
API changes for .NET, Java, and cURL to enable TLS v1.2
.NET
Use the SecurityProtocol property to enable TLS v1.2.
For details on how to use the SecurityProtocol property, visit:
http://msdn.microsoft.com/en-us/library ... vs.110).as...
http://msdn.microsoft.com/en-us/library ... .110).aspx
For example, to force TLS v1.2 in a C# .NET implementation, you would use:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
JAVA
NOTE: JDK 8 will use TLS v1.2 as default: https://blogs.oracle.com/java-platform- ... ll_use_tls
For JDK 7, use the SSLContext.getInstance method to enable TLS v1.2.
For details on how to use the SSLContext.getInstance method, visit:
http://docs.oracle.com/javase/7/docs/ap ... ng.String)
http://docs.oracle.com/javase/7/docs/ap ... ang.String,...
http://docs.oracle.com/javase/7/docs/te ... SSLContext
For example, to use the default security layer provider to enable TLS v1.2, you would use:
object = SSLContext.getInstance("TLSv1.2");
To force TLS v1.2 while using Oracle’s Sun Java Secure Socket Extension (JSSE), you would use:
object = SSLConnect.getInstance("TLSv1.2", "SunJSEE");
cURL
Use the CURLOPT_SSLVERSION option to enable TLS v1.2.
For details on how to use the CURLOPT_SSLVERSION option, visit:
http://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
In cURL version 7.34.0 or later, use the following examples to force TLS v1.2:
C/C++/C#:
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
PHP:
curl_setopt($curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
I have been researching this hot and heavy. I have talked to eProcessing and my web hosting service. This is what I have come up with for options:
1. Move Opencart to a dedicated server or VPS and have TLS 1.2 implemented, buy an SSL certificate, update the eprocessing payment module to request TLS 1.2 encryption
2. Have a payment module written for opencart that uses the eProcessing web order form. The required code for the new module is located here: http://www.epnreseller.com/docs/wofg.pdf
I have submitted several programming request to several different companies to write the new payment module. I will post later on any answers. If anyone gets the module written quicker please let me know.
Thanks, Allen
sales@ajguns.net
1. Move Opencart to a dedicated server or VPS and have TLS 1.2 implemented, buy an SSL certificate, update the eprocessing payment module to request TLS 1.2 encryption
2. Have a payment module written for opencart that uses the eProcessing web order form. The required code for the new module is located here: http://www.epnreseller.com/docs/wofg.pdf
I have submitted several programming request to several different companies to write the new payment module. I will post later on any answers. If anyone gets the module written quicker please let me know.
Thanks, Allen
sales@ajguns.net
hey guys,
The extension seller just released the updated file. Go check on your old purchase, you should be able to download the new file.
"
*** NEW VERSION 1.3 RELEASED TO FIX UPCOMING EPN GATEWAY CHANGES! ***
Note: Only one file needs replacing to perform this update. Just overwrite /catalog/controller/payment/eprocessingnetwork.php with the one provided in the new version.
Also Note: This still doesn't work with OpenCart v1.5.2 or greater so be sure to check the compatible versions before purchasing. Will be working on updating this extension to work with OpenCart v2 soon though. Thanks!"
The extension seller just released the updated file. Go check on your old purchase, you should be able to download the new file.
"
*** NEW VERSION 1.3 RELEASED TO FIX UPCOMING EPN GATEWAY CHANGES! ***
Note: Only one file needs replacing to perform this update. Just overwrite /catalog/controller/payment/eprocessingnetwork.php with the one provided in the new version.
Also Note: This still doesn't work with OpenCart v1.5.2 or greater so be sure to check the compatible versions before purchasing. Will be working on updating this extension to work with OpenCart v2 soon though. Thanks!"
Who is online
Users browsing this forum: No registered users and 11 guests
