search

brockf / opengateway

A billing platform built for developers. Integrate multiple gateways and clients into one hosted environment.
Other
14 stars 21 forks source link

Authorize.net Updates Notice #38

Closed jasonlynx closed 8 years ago

jasonlynx commented 8 years ago

We received a notice from Authorize.net concerning a few items that may/may not affect opengateway (or membrr). Can anyone confirm if these will require any updates or cause problems?

From Authorize.net:

RC4 Cipher Disablement

In an effort to ensure that all server-to-server communications with the Authorize.Net platform (both transactional and otherwise) maintain the highest levels of security, we will be disabling the RC4 cipher suite in the sandbox on April 29, 2016, and in the production environment on May 31, 2016.

If you have a solution that relies on RC4 to communicate with our servers, please update it to a current, high-security cipher as soon as possible. Please review our API best practices blog post for more information.

Transaction and Batch ID Reminder

In the coming weeks, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order.

For example, currently, if you receive a Transaction ID of "1000," you could expect that the next Transaction ID would not be less than 1000. However, after the updates, it will be possible to receive a Transaction ID less than the one previously received.

If your system has any functionality that expects Authorize.Net-generated IDs to be sequential, please update it immediately so that you will not see any disruptions.

Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters.

brockf commented 8 years ago

Hi @timalford -

The transaction ID change is fine. OpenGateway does not depend on the IDs generated by Authorize.net to be be informative.

The RC4 cipher change may be relevant to you, but this has less to do with OpenGateway (which doesn't specify the kind of SSL connection to be used) and more with the cURL libraries on your web server. As long as your cURL is up-to-date and able to use the RC4 cipher, your SSL connections will continue interrupted.

jasonlynx commented 8 years ago

Thanks for the info!