Jump to content
  • 0

PostalMethods The form token is invalid / -1


katycomputer

Question

11 answers to this question

Recommended Posts

  • 0
1 hour ago, katycomputer said:

I am on 4.1.2

If 4.1.2, the issue mentioned in the other thread should have been resolved. There is another issue with PostalMethods at the moment.. they do not support modern TLS via their API. I have reached out to them, and they are looking into upgrading their API server to support modern TLS. Therefore, your server must be able to negotiate older SSLv3 or TLS 1.0. Here is what is currently supported:

Quote

# nmap --script ssl-enum-ciphers -p 443 api.postalmethods.c                                                                            om

Starting Nmap 5.51 ( http://nmap.org ) at 2017-11-06 15:32 PST
Nmap scan report for api.postalmethods.com (74.124.23.22)
Host is up (0.038s latency).
rDNS record for 74.124.23.22: cust-74-124-23-22.dllstx01.corexchange.com
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (2)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (2)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed

Nmap done: 1 IP address (1 host up) scanned in 37.82 seconds
 

Hopefully they will begin supporting TLS 1.1, 1.2 soon.

Link to comment
Share on other sites

  • 0
19 hours ago, katycomputer said:

Thank you . I reached out to my sales rep. Hopefully, the'll resolve the issue.

Actually I think we have a temporary solution for you. Please see https://docs.blesta.com/pages/viewpage.action?pageId=1540327#Company>Billing&Payment-PostalMethods specifically, the yellow box. You may be able to tweak your code to get it to negotiate the older ciphers.

Link to comment
Share on other sites

  • 0

Your modification looks right to me. I'm not sure what -3003 means, it's not listed as an error code for PHP CURL. It may be that your server is unable to negotiate SSLv3 at all.

Try changing the value 3 to instead, per the chart  below. They support SSLv3 and TLS 1.0, so an option of 4 should specify TLS 1.0. Maybe that'll work instead. 

 

Quote

CURL_SSLVERSION_DEFAULT (0)
CURL_SSLVERSION_TLSv1 (1)
CURL_SSLVERSION_SSLv2 (2)
CURL_SSLVERSION_SSLv3 (3)
CURL_SSLVERSION_TLSv1_0 (4)
CURL_SSLVERSION_TLSv1_1 (5)
CURL_SSLVERSION_TLSv1_2 (6).

 

Link to comment
Share on other sites

  • 0
2 hours ago, katycomputer said:

I changed it to 4 - same result, sounds like we'll need to wait for PostalMethods to update their server, perhaps we can use their email to postal gateway:

image.thumb.png.b6a8f27c5a3e2908cf54630c877d5658.png

Actually, this is a separate error code returned by the api.  You can see the various error codes here http://www.postalmethods.com/statuscodes.  This one in particular has the description "Not AuthenticatedAPI key does not exist or Username does not exist or username and password do not match."  I think you should double check your postal methods api key in blesta at /admin/settings/company/billing/deliverymethods/.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...