Copy link to clipboard
Copied
Hi all,
We’ve been getting many reports over the last few days regarding the POODLE vulnerability and SSLv3 support. As you may be aware, an Internet-wide security issue, commonly referred to as POODLE, has been identified in the last two weeks - it creates a vulnerability that could allow hackers to gain access to any connection using an outdated Web browser.
Business Catalyst is not vulnerable to the POODLE vulnerability. We have disabled SSLv3 on all our servers as soon as the vulnerability news has been released. As a result of this, customers using older versions of browsers (i.e. IE 6.0) might not be able to access their sites properly.
Furthermore, we’ve been getting questions regarding our Authorize.net integration after they announced they will disable SSLv3 connections (http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Important-POODLE-Inform...).
We’d like to confirm that our Authorize.net integration won’t be affected by their change.
Thanks and regards,
Florin
Copy link to clipboard
Copied
Hi Florin
Does this affect any other payment gateways, including Payment Express?
Thanks
Simon
Copy link to clipboard
Copied
Hi Simon,
No payment gateway integration should be affected as our servers are able to negotiate and successfully connect using TLS 1.0, 1.1 and 1.2.
Best regards,
Daniel
Copy link to clipboard
Copied
Good to hear that SSLv3 is disabled, but what about this ALERT I got from Meritus: We are advising all merchants and partners to disable SSL v3 on web browsers or hosts that interact with Meritus and upgrade to use Transport Layer Service (TLS). Please ask your IT department to make these changes as soon as possible, but before December 4, 2014.
Copy link to clipboard
Copied
Just do not worry about it, everyone is issuing such warnings and BC has covered that they are not effected.
Copy link to clipboard
Copied
Just for clarity, BC would have been affected as I highly doubt they didn't run SSL3 as they would like to support IE6 over a HTTPs connection, just like everyone else they would have disabled it. I think it's great news, it means IE6 is now effectively killed as it doesn't support TLS by default.
Copy link to clipboard
Copied
BC has not supported IE 7 for a while TheBCMan, let alone IE6. They put out the announcement already they are fine and not having to make any changes.
Copy link to clipboard
Copied
Hi,
I know it's late to leave this reply, however Firefox and Chrome had removed SSL3 support in their browsers, as SSL3 is being used by a small amount of users, they were confident in turning this service off. As long as your browser is up-to-date you'll be fine.