Page MenuHomePhabricator

Worldpay: donors on Firefox receiving weird SSL error
Closed, DeclinedPublic

Description

Urgency: low-medium
Impact to donors: receiving strange error message in english, looks unprofessional and losing donations

Note to @atgo: This wasn't reported at all in IL, but I don't know if I can rule out the issue in case it was a WPG thing. Feel free to close this task if you think it's no longer relevant.

From 11/14/2014:
Number of donors impacted: At least 10 have contacted us since Friday. It seems the payment failure related to this error are not making it to WP so we can't quantify how many are seeing this and not contacting us

We have received word from a number of French donors who say that after entering their credit card details and clicking Submit, they are sent to this page:

https://ott9.wpstn.com/live/

It looks like it's probably a WP page, but there's not much to go off of. A very tech savvy donor sent us the reply below — I think he can explain this better than I ever could. Two other donors confirmed they were using Firefox and probably had to do with browser security:

I tried to donate to Wikipedia but could not, as my web browser (Firefox) is configured not to accept the RC4 algorithm for SSL connections. The RC4 algorithm is considered insecure nowadays. Apparently, RC4 is all that the web server ott9.wpstn.com supports, as I get the error message that no overlap in supported encryption algorithms was found.

The SSL scan results obtained on https://www.ssllabs.com/ssltest/analyze.html?d=ott9.wpstn.com&hideResults=on support this finding.

Please, can you arrange for the SSL stack on this server to allow more secure symmetric algorithms than RC4, so that people with web browsers configured for higher security can donate?

I don't have Civi IDs or WP order IDs for these donors because they didn't seem to make it that far. Two questions:

  1. Is there a reason they're getting a WP error and not one from us?
  1. Is there anything we can do based on the donor's suggestion above to change the way we connect through SSL?

Related Objects

StatusAssignedTask
ResolvedNone
DeclinedNone
OpenNone
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Resolvedawight
Invalidawight
Resolvedawight
OpenNone
OpenNone
Duplicateawight
Resolvedawight
Resolvedawight
Resolvedawight
ResolvedJgreen
DeclinedNone
DeclinedNone
DeclinedNone
DeclinedNone

Event Timeline

CCogdill_WMF assigned this task to atgo.
CCogdill_WMF raised the priority of this task from to Needs Triage.
CCogdill_WMF updated the task description. (Show Details)
CCogdill_WMF added subscribers: CCogdill_WMF, atgo.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 5 2015, 8:58 PM

@Jgreen do you have any ideas on this one?

atgo triaged this task as Low priority.Mar 20 2015, 8:41 PM
atgo set Security to None.
atgo added a subtask: Restricted Task.Jul 1 2015, 12:14 AM
atgo removed atgo as the assignee of this task.Aug 11 2015, 6:12 PM
Ejegg closed this task as Declined.Jan 4 2017, 6:03 PM
Ejegg closed subtask Restricted Task as Declined.
Ejegg added a subscriber: atgo.