
Redsys Servired Payment Processor Update

 
  • sok777
  • Senior Member
  • Members
  • Join Date: 23-Jun 11
  • 397 posts

Posted 03 November 2015 - 02:39 PM #1

Hello,

 

The biggest Spanish payment gateway provider RedSys (servired) is changing the security standards. New changes will be applied from November 23, 2015.

Signature SHA-1 will not be supported anymore after this date.

 

Does anybody have an updated version of the RedSys (servired) processor?

 

Thanks



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11427 posts

Posted 03 November 2015 - 07:51 PM #2

That requirement is a function of your server, not cs-cart.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • E.Qi.Librium
  • Senior Member
  • Members
  • Join Date: 05-Sep 09
  • 450 posts

Posted 04 November 2015 - 08:55 AM #3

I'm also interested in the update to this. I've already asked the cs cart help desk for a solution and I'm waiting for an update, as we only have until November 23rd to update it.


4.3.9  


 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 19844 posts

Posted 04 November 2015 - 09:08 AM #4

That requirement is a function of your server, not cs-cart.

 

As far as I can see in the code of the servired.php payment processor, the current integration uses the SHA-1 algorithm. So the code should be changed.

 

sok777, post the issue to the bug tracker. It can be missed on the community forum 


GET A FREE QUOTE | CS-Cart Add-ons | CS-Cart Licenses | CS-Cart Development | CS-Cart Design | Server Configuration | UniTheme and YOUPI
CS-Cart                USD 345     Multi-Vendor              USD 1250    CS-Cart RU                         24500 руб.
CS-Cart Ultimate  USD 775     CS-Cart + YOUPI      USD 545      CS-Cart RU + UniTheme    36000 руб.


 
  • sok777
  • Senior Member
  • Members
  • Join Date: 23-Jun 11
  • 397 posts

Posted 04 November 2015 - 06:24 PM #5

I posted the issue in the bug tracker. Hope we get an updated servired.php soon. It affects all versions of CS CART.

 

 

That requirement is a function of your server, not cs-cart.

 

It has nothing to do with a server in this case. servired.php has to be updated in order to work properly after 23 of November 2015.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11427 posts

Posted 04 November 2015 - 07:30 PM #6

Okay, you're right.   They are doing their own hashing rather than just relying on HTTPS.

 

So the question is what is the method the provider expects to use?  The fix is very simple once you know what they want/expect and I'm guessing there is a different URL to use based on which hash method you are using (unless they try both on their end).  I.e. you will probably have to change this line too:

$post_address = ($processor_data['processor_params']['test'] == 'Y') ? "https://sis-t.sermepa.es:25443/sis/realizarPago" : "https://sis.sermepa.es/sis/realizarPago";

 

If they expect you to be using sha256, then find instances of sha1($string) and change them to hash('sha256', $string) and you should be good to go.  But it would be better to review their entire specification rather than just trying to change something on the fly and expect it to work properly.

 

Excerpt from PHP sha1() man page:


Note that the sha1 algorithm has been compromised and is no longer being used by government agencies.

As of PHP 5.1.2 a new set of hashing functions are available.

http://www.php.net/m...nction.hash.php

The new function hash() supports a new range of hashing methods.

echo hash('sha256', 'The quick brown fox jumped over the lazy dog.');

It is recommended that developers start to future proof their applications by using the stronger sha-2, hashing methods such as sha256, sha384, sha512 or better.

As of PHP 5.1.2 hash_algos() returns an array of system specific or registered hashing algorithms methods that are available to PHP.

print_r(hash_algos());


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.
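
The swap described in the post above, as an added example that is not part of the original post or of servired.php. It assumes the signature is a hex digest over concatenated order fields plus a shared secret; the field names, values and secret are constructed, and the real field list and construction must come from the Redsys specification.

```php
<?php
// Added example, not code from servired.php. Field names, values and the
// "fields + secret" construction are assumptions made for illustration.

// Hash the concatenated fields plus the shared secret with the chosen algorithm.
function make_signature(array $fields, $secret, $algo)
{
    // hash_algos() lists what this PHP build supports; fail loudly rather
    // than send a signature the gateway cannot accept.
    if (!in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("Hash algorithm not available: $algo");
    }
    return hash($algo, implode('', $fields) . $secret);
}

// Constant-time comparison; hash_equals() only exists from PHP 5.6 on.
function signatures_match($expected, $received)
{
    $expected = strtolower($expected);
    $received = strtolower($received);
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $received);
    }
    if (strlen($expected) !== strlen($received)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $diff |= ord($expected[$i]) ^ ord($received[$i]);
    }
    return $diff === 0;
}

// Constructed sample data (hypothetical field names and values).
$fields = array('amount' => '1235', 'order' => '000123', 'merchant' => '000000000', 'currency' => '978');
$secret = 'example-shared-secret';

$old = make_signature($fields, $secret, 'sha1');   // 160-bit digest
$new = make_signature($fields, $secret, 'sha256'); // 256-bit digest
printf("sha1   (%d hex chars): %s\n", strlen($old), $old);
printf("sha256 (%d hex chars): %s\n", strlen($new), $new);

// Both sides must use the same algorithm: compare old against new, then new against new.
var_dump(signatures_match($new, $old));
var_dump(signatures_match($new, make_signature($fields, $secret, 'sha256')));
```

The same comparison function belongs on the notification side, where the shop checks the signature the gateway sends back before marking an order as paid.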


 
  • senove
  • Junior Member
  • Members
  • Join Date: 03-Mar 07
  • 40 posts

Posted 04 November 2015 - 09:35 PM #7

I'm also interested in it.

 

From November 23 it stops working.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11427 posts

Posted 04 November 2015 - 10:50 PM #8

I went to look into this for you but their pages don't translate to English and I'm guessing the manuals are not in English either....




 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 19844 posts

Posted 05 November 2015 - 08:22 AM #9

I'm also interested in it.

 

From November 23 it stops working.

 

Post it to the bug tracker. I think that the CS-Cart team should take care of it.




 
  • sok777
  • Senior Member
  • Members
  • Join Date: 23-Jun 11
  • 397 posts

Posted 05 November 2015 - 09:56 PM #10

Just in case... bug tracker issue ID #006091.

 

I am not sure about translation, but Redsys made the update for the "main" platforms: Magento, Opencart, Prestashop, etc.

 

http://www.redsys.es...EvZ0FBIS9nQSEh/

 

 

Okay, you're right.   They are doing their own hashing rather than just relying on HTTPS.

 

So the question is what is the method the provider expects to use?  The fix is very simple once you know what they want/expect and I'm guessing there is a different URL to use based on which hash method you are using (unless they try both on their end).  I.e. you will probably have to change this line too:

$post_address = ($processor_data['processor_params']['test'] == 'Y') ? "https://sis-t.sermepa.es:25443/sis/realizarPago" : "https://sis.sermepa.es/sis/realizarPago";

If they expect you to be using sha256, then find instances of sha1($string) and change them to hash('sha256', $string) and you should be good to go.  But it would be better to review their entire specification rather than just trying to change something on the fly and expect it to work properly.

 

Excerpt from PHP sha1() man page:

 

Yes, it looks like they want SHA256. No manual in English so far.

 

I will try your method after 23/11/2015.

 

Thanks.



 
  • El Nucli
  • Junior Member
  • Authorized Reseller
  • Join Date: 12-Apr 10
  • 53 posts

Posted 05 November 2015 - 10:19 PM #11

Hi. 

 

I also posted a message in cs-cart's communication system. As all of you, I am very interested in a reliable solution to this issue.

 

My message got this reply this morning:

 

 

 

Thank you for your message.

We really appreciate your help in this matter. I have forwarded this information to our developers. I would like to draw your attention to the fact that they are working on this issue and we will contact you as soon as we get any results from them.

 

I'll post in this thread any relevant information from them. If we all collaborate hopefully we'll have a path to update the servired payment method in time to deploy and avoid any business interruption.
 
Regards,



 
  • El Nucli
  • Junior Member
  • Authorized Reseller
  • Join Date: 12-Apr 10
  • 53 posts

Posted 12 November 2015 - 08:13 AM #12

Hi,

Just as a follow up, I had this answer from Cs-Cart team today:
 

We are glad to inform you that our engineers are already working on this issue and the solution is on the testing stage. Most probably, the fix will be ready within the next week.

 

 

It will leave us very little time to move on to testing on real stores, but hopefully the script will be OK...

 

Regards, 



 
  • E.Qi.Librium
  • Senior Member
  • Members
  • Join Date: 05-Sep 09
  • 450 posts

Posted 19 November 2015 - 08:30 AM #13

Has anyone had any news on this update? The change is in 3 days...




 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 19844 posts

Posted 19 November 2015 - 09:34 AM #14

Has anyone had any news on this update? The change is in 3 days...

 

Please check

 

http://forum.cs-cart...3812#entry23812




 
  • El Nucli
  • Junior Member
  • Authorized Reseller
  • Join Date: 12-Apr 10
  • 53 posts

Posted 19 November 2015 - 09:43 AM #15

Hi, 

 

I've received this morning the packages for the update. I am performing some basic checks now.

 

The files are the same as the ones in the link eComLabs has just posted.

 

Hope everything is OK!




 
  • E.Qi.Librium
  • Senior Member
  • Members
  • Join Date: 05-Sep 09
  • 450 posts

Posted 19 November 2015 - 10:11 AM #16

Thank you. They just sent me the files, but my cs cart version is 2.0.6 and the fixes only start at the 2.2 versions...




 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 19844 posts

Posted 19 November 2015 - 12:39 PM #17

Thank you. They just sent me the files, but my cs cart version is 2.0.6 and the fixes only start at the 2.2 versions...

 

Please contact CS-Cart support team. Hope they will help you.




 
  • E.Qi.Librium
  • Senior Member
  • Members
  • Join Date: 05-Sep 09
  • 450 posts

Posted 19 November 2015 - 01:14 PM #18

Cs cart support team tells me that 2.2 version files are compatible and "OpenSSL does not affect the Servired payment method. So there is no need to check version of OpenSSL on the server."

So, my fingers are crossed.




 
  • sok777
  • Senior Member
  • Members
  • Join Date: 23-Jun 11
  • 397 posts

Posted 03 December 2015 - 05:34 PM #19

Hello,

 

Has anybody tried version 2.2 - 3.0? Does it work? I did everything as per the instructions, but it seems like it does not work properly or something is wrong. After you press the button "Confirm the order" it says "Proceeding with the payment, please wait" and it never takes you to the following page of Servired. The PHP version is 5.3.3 in this case.

 

What could be the problem?

 

Thanks



 
  • CS-Cart team
  • CS-Cart support team
  • Moderators
  • Join Date: 04-Apr 11
  • 3809 posts

Posted 07 December 2015 - 01:00 PM #20

Hello,

 

Has anybody tried version 2.2 - 3.0? Does it work? I did everything as per the instructions, but it seems like it does not work properly or something is wrong. After you press the button "Confirm the order" it says "Proceeding with the payment, please wait" and it never takes you to the following page of Servired. The PHP version is 5.3.3 in this case.

 

What could be the problem?

 

Thanks

 

The problem requires examination on your server. Please contact us via Customer Help Desk and provide temporary access to your server by clicking on the Add record  link on the Access information page of your Help Desk account so that we could examine the issue.


Sincerely yours, CS-Cart Support Team

 
