ShopSite Knowledgebase



October 28, 2014 email from Authorize.net regarding POODLE and disabling of SSLv3 on November 4, 2014

Product: ALL
Version: ALL
Platform: ALL

I received an email notification from Authorize.net stating that on November 4, 2014 they would be disabling the use of SSLv3 on their systems. Does this affect my ShopSite? Is there anything that I need to do?


ShopSite has tested ShopSite 10, 11, and 12 against Authorize.Net’s test servers that now have SSLv3 disabled and have not encountered any problems.

In addition, since ShopSite v5, the SSL code used by ShopSite is designed to use the newer TLS protocol by default if that is supported on the server ShopSite is securely communicating with (in this case the Authorize.Net server.)

We do not anticipate any problems when Authorize.Net disables support of SSLv3 on November 4, 2014.

The 10/28/2014 email sent to merchants by Authorize.net is as follows:

Important POODLE Information for Your Authorize.Net Account

Your Payment Gateway ID: .........
Dear Authorize.Net Merchant:

As you may be aware, an Internet-wide security issue, commonly referred to as POODLE, has been identified in the last two weeks and affects anyone using older Web browsers that use SSL version 3 (SSLv3), specifically Internet Explorer (IE) 6. This issue creates a vulnerability that could allow hackers to gain access to any connection using this outdated Web browser.

Authorize.Net itself is not vulnerable to POODLE, but we are making changes to our systems to assure that we are providing our merchants and their customers with the highest degree of security possible.

To that end, on November 4, 2014, we will be disabling the use of SSLv3 within our systems. This means that if your website or shopping cart solution uses SSLv3 to send transactions to Authorize.Net, you will no longer be able to process transactions. You will also no longer be able to access any secure Authorize.Net pages from IE6.

We expect that a minimal number of our merchants will be affected. However, because we do not control how your particular site or solution sends transactions to us, this change could potentially impact your transaction processing. Please immediately contact your web developer or shopping cart solution to see if you will need to make any changes to your site or solution before November 4th.

Most modern shopping carts do not use this old technology in their solutions-in general, POODLE will only affect solutions that are older and use SSLv3. But again, because we do not control which method your systems use for transaction processing, we are not able to advise whether or not this change will affect you site or solution. We strongly urge you to contact your web developer or payment solution provider to find out for sure.

We apologize for the short notice, but security is of the utmost concern. Authorize.Net and most other payment and technology companies are disabling SSLv3 as soon as possible to help make sure that hackers aren't able to exploit this vulnerability.

If you have any questions regarding this change, please review our POODLE FAQs. You can also check out this post in the developer community for instructions to give to your web or solution developer regarding the upcoming change.

Thank you for your prompt attention to this urgent issue.

Sincerely,
Authorize.Net


Related Articles

No related articles were found.

Attachments

No attachments were found.

Visitor Comments

Article Details

Last Updated
29th of October, 2014

Would you like to...

Print this page  Print this page

Email this page  Email this page

Post a comment  Post a comment

 Subscribe me

Subscribe me  Add to favorites

Remove Highlighting Remove Highlighting

Edit this Article

Quick Edit

Export to PDF


User Opinions



How would you rate this answer?




Thank you for rating this answer.

Continue