just got an email from authorize.net - they say they are not supporting ssl2.0 - my question is (since I use curl), how do I know what ssl protocol curl is using when I use curl to talk to the gateway?
I would really appreciate an answer to this for security purposes
here is a sample of my code:
$url = 'https://secure.authorize.net/gateway/transact.dll';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$authorize = curl_exec($ch);
curl_close ($ch);
$response = split('\,', $authorize);
here is a copy of the email:
During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.
Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.
If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols..
Thanks,
Samuel
