Announcement

**perholmes** · 02-25-09, 09:10 AM

Re: authorize.net down

Hi Rick,

I really have to commend you on your prompt attention to this, I think that's great. Very reassuring.

Best,

Per Holmes

**ecentralstores.com** · 02-25-09, 09:15 AM

Re: authorize.net down

Dear David at Hostasaurus,

Thanks for the work around using the Credit Card Payment with Simple Validation. Thanks for your time posting this quick solutions for our customers. We personally want to thank you for you efforts.

Hope Authorize.net and Miva can get this issue corrected.

Have a great day.

Thomas
www.ecentralstores.com

**GDesigns** · 02-25-09, 09:24 AM

Re: authorize.net down

Anybody going to post when it's working again? So we can switch back from simple validation? What a mess, especially since we are leaving to San Diego - bad timing if I've ever seen it...

Hopefully it gets fixed today though - thanks for all your support and temp fixes...

**Brandon MUS** · 02-25-09, 09:28 AM

Re: authorize.net down

I'm just grateful that this happened today and not tomorrow. I'd hate to see an issue like this appear when most of the top devs and techs are busy at a conference and possibly away from their computers.

**Rick Wilson** · 02-25-09, 09:30 AM

Re: authorize.net down

We've identified the root of the problem, Auth.net rolled out an unannouned API change last night. They're seeing about rolling it back and we're writing an updated module in case they're unable to roll back.

We'll keep posting status updates here until it's resolved.

**klassic** · 02-25-09, 09:33 AM

Re: authorize.net down

As reported earlier. Auth.net says we didn't do it. Later oh we did, oops.

**chmatt** · 02-25-09, 09:34 AM

Re: authorize.net down

One of our customers has reported that he received an e-mail from Authorize.Net to a developer mailing list. This e-mail states that Authorize.Net is going to discontinue SSL 2.0, so anything that communicates with their gateways must do so over SSL 3.0/TLS1.0. They are doing this because of PCI.

The e-mail states that they're not doing this until mid March, but it's possible they pulled the lever a bit early, and it would in fact explain the error message that users are experiencing.

**tantus** · 02-25-09, 09:34 AM

Re: authorize.net down

That's a relief :D

**Eric** · 02-25-09, 09:51 AM

Re: authorize.net down

Authorize.net sent out an email back on 2/19/09. Below is quick summary on dates of change, not sure if related or not.

"During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation"

Eric

**ILoveHostasaurus** · 02-25-09, 10:00 AM

Re: authorize.net down

That is not related; we tested the https://secure.authorize.net/gateway/transact.dll URL via mvcall this morning and it works fine when requested in that manner, the problem occurs after the communications begin.

**Eric** · 02-25-09, 10:02 AM

Re: authorize.net down

Good to note just following-up on what Cybrhost wrote.

Eric

**morditech.com** · 02-25-09, 10:04 AM

Re: authorize.net down

Originally posted by chmatt View Post

The e-mail states that they're not doing this until mid March, but it's possible they pulled the lever a bit early, and it would in fact explain the error message that users are experiencing.

Our servers are PCI compliant which means that SSLv2 is disabled and we are having this issue with our Authorize.net clients. This leads me to believe that SSLv2 is not the problem.

**ILoveHostasaurus** · 02-25-09, 10:07 AM

Re: authorize.net down

Originally posted by morditech.com View Post

Our servers are PCI compliant which means that SSLv2 is disabled and we are having this issue with our Authorize.net clients. This leads me to believe that SSLv2 is not the problem.

That would have nothing to do with it regardless since disabling SSLv2 on the server is specific to incoming requests to sites on the server, not outgoing requests made by software programs running on the server such as Merchant. However Miva Empresa does not have a problem making an SSLv3 connection so when they do implement that change on their side, it should still be able to communicate with them correctly.

**chmatt** · 02-25-09, 10:15 AM

Re: authorize.net down

I'm tempted to tcpdump and see which SSL version is being negotiated between authnet and miva during a transaction. I'd hate to see this get fixed and another issue in a few weeks if there are problems speaking SSLv3.

But, we're a little off topic.

**digitalsweetspot** · 02-25-09, 10:16 AM

Re: authorize.net down

Originally posted by Rick Wilson View Post

We've identified the root of the problem, Auth.net rolled out an unannouned API change last night. They're seeing about rolling it back and we're writing an updated module in case they're unable to roll back.

We'll keep posting status updates here until it's resolved.

rick...

i hate to be the guy that's asks this, but any idea either from Auth.net or from Miva when the fix can be expected? i have a handful of clients who have been affected by this "oopsies" and i would like to give them a ballpark estimate.

some are reluctant to do the work-around (using simple validation)...especially if the fix will be coming shortly. however, if this is looking like it will be a day resolution, they might reconsider their choice of action.

any ideas would be much appreciated.

thanks in advance for all of your (and your team) support.

cheers!
-jon-

Announcement

authorize.net down

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment