|The stupid question is the question not asked
SSL Version Mysteryby RiscIt (Novice)
|on Feb 26, 2009 at 09:14 UTC
RiscIt has asked for the wisdom of the Perl Monks concerning the following question:
In order to remain PCI compliant I need to make sure that our e-commerce web app is submitting data to 3rd party services with SSL 3.0. We are using a simple HTTP::Request::Common "POST" to an HTTPS URL with LWP::UserAgent. The headers of the response don't tell me anything about what SSL version is being used, and I can't find anything in the docs for HTTP::Request::Common (or HTTP::Request, or LWP::UserAgent) which would provide any insight.
Is there any test I can run which would reveal what version of SSL is being used? If it turns out that we're using SSL 2.0 then we have a real problem on our hands as a major 3rd party service we use will be dropping support for SSL 2.0 rather soon.
Any advice is appreciated.
If it helps any, this is a stripped down example of how we're making HTTPS POST requests: