Recently, it has been discovered that an internet security protocol called SSL 3.0 is not so secure as it was supposed to be. The vulnerability affecting this widespread but 15 year old security protocol is called “POODLE” by many in the industry. This vulnerability is of concern, because it allows a cyber-criminal to gain access to connections that have been secured via this security protocol.
This is a hosting configuration issue, which is unrelated to Magento. However, it certainly has implications for merchants that use PayPal. This issue also affects other payment gateways that accept SSL 3.0. This issue gains prominence because Paypal as well as other payment gateways are planning to disable SSL 3.0 support in the immediate future, so that this vulnerability can be addressed. Read more on PayPal to announce online shopping login service.
Let us look at the scenario with Paypal. Here, merchants are required to disable SSL 3.0 in hosts that interact with PayPal prior to December 3, 2014. They will be required to upgrade to Transport Layer Service (TLS) so that they can avoid experiencing Payment Operation Failures. A Merchant Response Guide has been provided by PayPal on its blog, so that merchants are able to address this issue.
It is also possible for merchants to reach out to their hosting provider to help with the changing protocols. They can also double check the domains of other payment gateways they use, so that they can verify if they are affected by POODLE. This verification can be done with the help of the POODLE Scan Testing Tool. Further information and useful analysis of the POODLE issue is also available on Google, if merchants are interested in looking for additional information.
Once again, this issue is actually an SSL 3.0 protocol security exploit. It is not a security issue with either PayPal or Magento. The decision taken is that SSL 3.0 will not be supported in the near future so that this exploit can be prevented.
To conclude, Magento also has emailed its customers about the Poodle vulnerability, in which PayPal and other payment gateways are planning to disable SSL 3.0 support. The best way forward is to upgrade to the Transport Layer Service (TLS) before December 03, 2014, to avoid experiencing payment operational failures.
Minal Joshi is a content marketer at Krish with a flair for eCommerce and Digital Commerce aspects. She is a MarTech fanatic with a knack of writing with which, she helps brands to curate, create, & commence digital brand positioning. Sharing insights via articles, case studies, eBooks, Infographics, and other forms of content creation is what she lives for. Being an ardent traveler, when not writing, you'll find her sipping coffee into the mountains or petting a stray.
21 December, 2022 After WooCommerce, Shopify is the 2nd most loved and used eCommerce platform worldwide. Shopify is an entirely feature-rich eCommerce platform. It offers many drag-and-drop options, and its apps work tremendously for store owners. In addition, Shopify is easy to use as it doesn't require depth coding.
Never miss any post, stay tuned!