2 Replies Latest reply: Nov 4, 2014 1:46 AM by Daniel Giuclea RSS

    Authorize.net SSLv3 shutdown, Poodle vulnerability - BC is not affected

    Florin Carlig Employee Hosts
    Florin Carlig Oct 30, 2014 7:22 AM

      Hi all,

       

      We’ve been getting many reports over the last few days regarding the POODLE vulnerability and SSLv3 support. As you may be aware, an Internet-wide security issue, commonly referred to as POODLE, has been identified in the last two weeks - it creates a vulnerability that could allow hackers to gain access to any connection using an outdated Web browser.

      Business Catalyst is not vulnerable to the POODLE vulnerability. We have disabled SSLv3 on all our servers as soon as the vulnerability news has been released. As a result of this, customers using older versions of browsers (i.e. IE 6.0) might not be able to access their sites properly.

       

      Furthermore, we’ve been getting questions regarding our Authorize.net integration after they announced they will disable SSLv3 connections (http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Important-POO DLE-Information-Updated/ba-p/48163).

      We’d like to confirm that our Authorize.net integration won’t be affected by their change.

       

      Thanks and regards,
       Florin