versionOfTLS() depends on www.howsmyssl.com, which didn't renew its own SSL cert!

Question

versionOfTLS() depends on www.howsmyssl.com, which didn't renew its own SSL cert!

Closed this issue 5 years ago · 6 comments

Today our site stopped processing credit card authorizations. I tracked the problem down to versionOfTLS() in BaseCurl.php. It makes a connection to https://www.howsmyssl.com/a/check

https://github.com/intuit/PHP-Payments-SDK/blob/master/src/HttpClients/core/BaseCurl.php#L151

Today howsmyssl.com's own SSL certificate expired, causing versionOfTLS() to fail, in turn causing setSSLConfig() to throw a PHP exception which prevents any Quickbooks Payments communication!

Answer 1 · 2019-11-27T03:18:45.000Z

Fixing it now. Will make a quick release.

Answer 2 · 2019-11-27T03:20:21.000Z

Looks like howsmyssl has just now updated their site with a free Let's Encrypt cert.

Still, maybe not such a great design to depend upon this free site?

Answer 3 · 2019-11-27T03:32:41.000Z

Definitely not. It was there when we just started disabling tls 1.1 and developers are not understanding which tls version they are using. It is no longer necessary.

Answer 4 · 2019-11-27T03:36:47.000Z

You might also consider updating cacert.pem. It appears to be 2 years old.

Answer 5 · 2019-11-27T03:39:28.000Z

I disable the SSL checkings as well. Right now, it will not "verify" the certificate to see if it is signed by a valid authority. For maintenance purposes, "accept all certificate" is the default option.

Answer 6 · 2019-11-27T03:51:40.000Z

In case somebody needs the validation, updated the cacert.pem as well.