Authorize.net SSLv3 shutdown, Poodle vulnerability - BC is not affected

Report · Oct 30, 2014

Hi all,

We’ve been getting many reports over the last few days regarding the POODLE vulnerability and SSLv3 support. As you may be aware, an Internet-wide security issue, commonly referred to as POODLE, has been identified in the last two weeks - it creates a vulnerability that could allow hackers to gain access to any connection using an outdated Web browser.

Business Catalyst is not vulnerable to the POODLE vulnerability. We have disabled SSLv3 on all our servers as soon as the vulnerability news has been released. As a result of this, customers using older versions of browsers (i.e. IE 6.0) might not be able to access their sites properly.

Furthermore, we’ve been getting questions regarding our Authorize.net integration after they announced they will disable SSLv3 connections (http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Important-POODLE-Inform...).

We’d like to confirm that our Authorize.net integration won’t be affected by their change.

Thanks and regards,
Florin

Report · Nov 03, 2014

Hi Florin

Does this affect any other payment gateways, including Payment Express?

Thanks

Simon

Report · Nov 04, 2014

Hi Simon,

No payment gateway integration should be affected as our servers are able to negotiate and successfully connect using TLS 1.0, 1.1 and 1.2.

Best regards,

Daniel

Report · Nov 13, 2014

Good to hear that SSLv3 is disabled, but what about this ALERT I got from Meritus: We are advising all merchants and partners to disable SSL v3 on web browsers or hosts that interact with Meritus and upgrade to use Transport Layer Service (TLS). Please ask your IT department to make these changes as soon as possible, but before December 4, 2014.

Report · Nov 13, 2014

Just do not worry about it, everyone is issuing such warnings and BC has covered that they are not effected.

Report · Nov 13, 2014

Just for clarity, BC would have been affected as I highly doubt they didn't run SSL3 as they would like to support IE6 over a HTTPs connection, just like everyone else they would have disabled it. I think it's great news, it means IE6 is now effectively killed as it doesn't support TLS by default.

Report · Nov 15, 2014

BC has not supported IE 7 for a while TheBCMan, let alone IE6. They put out the announcement already they are fine and not having to make any changes.

Report · Jan 21, 2015

Hi,

I know it's late to leave this reply, however Firefox and Chrome had removed SSL3 support in their browsers, as SSL3 is being used by a small amount of users, they were confident in turning this service off. As long as your browser is up-to-date you'll be fine.

Adobe Community

Authorize.net SSLv3 shutdown, Poodle vulnerability - BC is not affected