Article ID: 123491, created on Nov 12, 2014, last review on Nov 18, 2014

Applies to:
  • Business Automation 5.5
  • Business Automation 6.0

Symptoms

The renewal order for a domain registered with OpenSRS fails, and it is not possible to register new domains with OpenSRS. Further checks show that the test connection also fails with an error:

Test connection failed: 
Check credentials

OPENSRS.log shows empty responses from the registrar, e.g. when checking connection:

[14-11-12 15:32:35.338 Worker1.4   RQ177510 TRC]  +++[1] const OpenSRSResponse OpenSRS::callLookupDomain(const Str&)(Domain: test.com)
[14-11-12 15:32:35.338 Worker1.4   RQ177510 NTE] Connected to: https://horizon.opensrs.net:55443
[14-11-12 15:32:35.338 Worker1.4   RQ177510 NTE] Request:
<?xml version='1.0' encoding='UTF-8' standalone='no'?>
<!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>
<OPS_envelope>
  <header>
    <version>0.9</version>
  </header>
  <body>
    <data_block>
      <dt_assoc>
        <item key='protocol'>XCP</item>
        <item key='action'>LOOKUP</item>
        <item key='object'>DOMAIN</item>
        <item key='attributes'>
          <dt_assoc>
            <item key='domain'>test.com</item>
          </dt_assoc>
        </item>
      </dt_assoc>
    </data_block>
  </body>
</OPS_envelope>
[14-11-12 15:32:35.699 Worker1.4   RQ177510 NTE] Response:


[14-11-12 15:32:35.699 Worker1.4   RQ177510 TRC]  ---[1] const OpenSRSResponse OpenSRS::callLookupDomain(const Str&)

Cause

OpenSRS has disabled SSLv3 connections. You may have received the following letter from OpenSRS:

We are cutting off SSLv3 connections
A vulnerability in the design of SSLv3 was uncovered earlier this week. This vulnerability means that attackers could exploit this weakness and try to decrypt encrypted connections. SSLv3 is 18 years old and the technology behind it is obsolete and insecure.
Having security in mind, we have limited SSLv3 connections within the OpenSRS APIs (domains and email). The vast majority of our resellers already use TLS and if you are still using SSLv3, our recommendation is that you upgrade to TLS as soon as possible to avoid any type of service disruption.
If you need to test your TLS connection, you can use our test environment as it no longer accepts SSLv3 connections.
You won't be affected if:
• You are using the TLS protocol or if your connection is TLS enabled;
• You currently use Storefront or process orders through the new control panel or the RWI.
OpenSRS only uses TLS to connect to other systems so this vulnerability has not affected us. 
If you have any questions or concerns, do not hesitate to contact support at help@opensrs.com. You can also read the official security advisory on the openssl.org website.
The OpenSRS team

An empty response to the PBA requests means that the plugin uses SSLv3 connections.
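
To see which requests hit this symptom, OPENSRS.log can be scanned for "Response:" entries that have no body. The script below is an added example, not part of PBA or of the original article; the header pattern is inferred from the log excerpt above, and the second exchange in the sample (RQ177511) is constructed.

```python
import re

# Header layout inferred from the OPENSRS.log excerpt above (an assumption):
# [YY-MM-DD HH:MM:SS.mmm Worker  RQ<id> LEVEL] message
HEADER = re.compile(
    r"^\[?(?P<ts>\d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<worker>\S+)\s+(?P<rq>RQ\d+)\s+(?P<level>[A-Z]+)\]\s*(?P<msg>.*)$"
)

# Constructed sample: the first exchange mirrors the excerpt above (blank
# response, request XML abbreviated); the second has a placeholder body.
SAMPLE = """\
[14-11-12 15:32:35.338 Worker1.4   RQ177510 NTE] Connected to: https://horizon.opensrs.net:55443
[14-11-12 15:32:35.338 Worker1.4   RQ177510 NTE] Request:
<OPS_envelope>...</OPS_envelope>
[14-11-12 15:32:35.699 Worker1.4   RQ177510 NTE] Response:


[14-11-12 15:32:35.699 Worker1.4   RQ177510 TRC]  ---[1] const OpenSRSResponse OpenSRS::callLookupDomain(const Str&)
[14-11-12 15:40:01.120 Worker1.4   RQ177511 NTE] Response:
<OPS_envelope>placeholder body</OPS_envelope>
""".splitlines()

def find_empty_responses(lines):
    """Return one record per 'Response:' entry whose body is blank."""
    findings, endpoint = [], {}   # endpoint: last 'Connected to:' URL per request id
    pending, body = None, []      # Response entry currently collecting its body

    def close():
        if pending is not None and not "".join(body).strip():
            findings.append(pending)

    for raw in lines:
        m = HEADER.match(raw.rstrip("\n"))
        if not m:                 # continuation line: part of a request/response body
            if pending is not None:
                body.append(raw)
            continue
        close()                   # a new header ends the previous response body
        pending, body = None, []
        msg = m["msg"].strip()
        if msg.startswith("Connected to:"):
            endpoint[m["rq"]] = msg.split(":", 1)[1].strip()
        elif msg == "Response:":
            pending = {"ts": m["ts"], "request": m["rq"],
                       "endpoint": endpoint.get(m["rq"])}
    close()                       # response that runs to end of file
    return findings
```

Calling find_empty_responses(open("OPENSRS.log")) on a real log returns the timestamp, request ID and endpoint of every blank response, which helps confirm that the empty replies stop once the hotfix is installed.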

Resolution

The issue has been submitted as a bug with id #PBA-59530 ("TLS should be used in order to connect to OpenSRS"), which is fixed in PBA 5.5.8.

For PBA 5.5.7, install the hotfix from KB #123187.

For PBA 6.0, install the hotfix from KB #123320.

Search Words

Domain renewal request declined by registrar. Failed to get current expiration date Domain Status:Registered

sslv3 opensrs api
