On Thu, 25 Jan 2018 10:19:26 -0800 SurfShop <contactat...@surfshopcart.com> wrote:
> I keep getting emails from Authorize.net about their upcoming
> disablement of TLS 1.0 and TLS 1.1 and I need to know if that has
> anything to do with Perl or not. I don't have any code in SurfShop
> that references either SSL or TLS, so maybe that's handled by Perl
> itself or a module I'm using like SSLeay.

Well, how do you interact with Authorize.net? For instance, if you use Business::AuthorizeNet::CIM to deal with them, then that uses LWP::UserAgent under the hood for the communication with authorize.net; it doesn't set any SSL/TLS-specific options when calling LWP::UserAgent, unless you're causing it to yourself.

LWP::UserAgent will use LWP::Protocol::https to talk to remote servers over SSL, using either IO::Socket::SSL or Net::SSLeay under the hood. In the absence of any specific instructions otherwise (which B::A::CIM doesn't provide), IO::Socket::SSL will use a sane, secure set of ciphers.

If LWP::UserAgent is using IO::Socket::SSL, then setting $IO::Socket::SSL::DEBUG to a suitable value should let you see what it's doing, and what ciphers it negotiates IIRC.

If you've made sure that the openssl library and the above-mentioned modules are up to date, you're likely to be fine. I do believe they disabled TLS 1.0 on their testbed in advance though, so to be confident, point your code at their testbed and check that it works - if so, all is well!
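
Added example, not part of the original message or of any module named in it: a Perl script that reports which TLS version and cipher the local IO::Socket::SSL/OpenSSL stack negotiates with a host given on the command line. The host argument and the `TLS_DEBUG` environment variable are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: check which TLS versions this Perl installation can negotiate.
use strict;
use warnings;
use IO::Socket::SSL;
use Net::SSLeay;

# The host is supplied by the caller (an assumption of this example, for
# instance the payment gateway's test endpoint); nothing is hard-coded.
my $host = shift or die "usage: $0 host [port]\n";
my $port = shift // 443;

# TLS_DEBUG is a hypothetical environment variable for this script only.
# IO::Socket::SSL accepts debug levels 0 (off) through 3 (most verbose).
$IO::Socket::SSL::DEBUG = $ENV{TLS_DEBUG} // 0;

# Versions of the components that decide what can be negotiated.
printf "IO::Socket::SSL %s, Net::SSLeay %s, %s\n",
    $IO::Socket::SSL::VERSION, $Net::SSLeay::VERSION,
    Net::SSLeay::SSLeay_version();

# Offer each protocol version on its own so every result is unambiguous.
my $tls12_ok = 0;
for my $version (qw(TLSv1 TLSv1_1 TLSv1_2)) {
    # eval: a very old OpenSSL build may reject an unknown version outright.
    my $sock = eval {
        IO::Socket::SSL->new(
            PeerHost        => $host,
            PeerPort        => $port,
            SSL_version     => $version,
            SSL_verify_mode => SSL_VERIFY_PEER,   # keep certificate checks on
            Timeout         => 10,
        );
    };
    if ($sock) {
        printf "%-8s ok    negotiated %s with cipher %s\n",
            $version, $sock->get_sslversion, $sock->get_cipher;
        $tls12_ok = 1 if $version eq 'TLSv1_2';
        $sock->close;
    }
    else {
        my $err = $@ || $SSL_ERROR || $!;
        $err =~ s/\s+\z//;
        printf "%-8s fail  %s\n", $version, $err;
    }
}

# Exit status 0 only if TLS 1.2 worked, so the script can gate a deployment.
exit($tls12_ok ? 0 : 1);
```

A failure on the `TLSv1_2` line with an up-to-date server points at the local OpenSSL library or the Perl SSL modules rather than at application code.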