The recently announced POODLE security vulnerability has caused those in the security industry, and primarily in the payment processing business, to re-evaluate. PayPal and Authorize.net have both announced they will end support for SSL v3. What does that mean? An article from Authorize.net does a nice job explaining what is POODLE and what it means.
As a Zen Cart operator, if you accept PayPal or use Authorize.net you need to update your payment modules. Failing to do so will result in your customers not being able to use those methods to pay for order. As of today, Authorize.net has announced November 4th as their end date. PayPal has not given an exact date but will end support ‘in the coming days’. EDIT: PayPal will discontinue support for SSL 3.0 on December 3, 2104.
It appears PayPal did not disable support until today, 1/12/2015. If you are getting emails with the subject ‘ALERT: PayPal Express Checkout Error ()’ and the body contains ‘(35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure’ than you do not have the needed patch for your PayPal modules
Leave A Comment