Site Store Pro & POODLE – What you need to know!
The Site Store Pro shopping cart does NOT require any patch or security update regarding the recently discovered POODLE (SSL 3.0 Fallback) vulnerability.
The Site Store Pro shopping cart already auto-negotiates the highest security protocol level (TLS 1.1 or 1.2) on the destination connection when communicating with a payment provider such as PayPal or Authorize.net. Unlike some older carts, it never specifies an SSL 3.0 protocol connection type anywhere in its code.
Please note that most hosting providers, ecommerce service providers and all payment providers will be disabling SSL 3.0 support within the coming weeks on all their servers. We have already disabled SSL 3.0 on all our company servers and license activation servers.
If your host disables SSL 3.0 support, it will not affect the operation of your Site Store Pro shopping cart installations, but customers who try to visit your website and/or attempt to purchase items using Internet Explorer 6 under https:// will have their connection rejected. All other modern browsers, including Firefox, Chrome, Safari and newer versions of Internet Explorer, will not be affected if your host disables the SSL 3.0 protocol.
If you are running your own server, it is recommended that you disable the SSL 3.0 protocol to maintain the highest level of security in the future. Currently, servers with SSL 3.0 turned on will still pass PCI compliance scans, but expect that to change very soon. We anticipate that within the next few months all PCI scanning providers will require SSL 3.0 to be disabled on the host server for full compliance.
Please note that if you are running any other applications on your server or hosting account (besides your shopping cart), their operation may be affected if your host disables SSL 3.0.
The Site Store Pro shopping cart is not affected, but older legacy applications that force SSL 3.0 connections could lose their ability to connect to remote services, auto-update their modules, etc. If you are running other applications, you should contact the developer of the software to confirm that disabling SSL 3.0 will not break any functionality in their application.
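One way to find the legacy applications described above is to search their source for code that pins connections to SSL 3.0. The following Python script is an added example, not Site Store Pro code; the marker list covers a few common stacks only, and the sample module and its host names are constructed.

```python
import re
import sys
from pathlib import Path

# Source-level markers that pin a client connection to SSL 3.0.
# Not exhaustive: a few common stacks only.
FORCED_SSLV3 = {
    "PHP cURL numeric": re.compile(r"CURLOPT_SSLVERSION\s*,\s*3\b"),
    "PHP cURL constant": re.compile(r"\bCURL_SSLVERSION_SSLv3\b"),
    "PHP stream wrapper": re.compile(r"sslv3://"),
    ".NET": re.compile(r"\bSecurityProtocolType\.Ssl3\b"),
    "OpenSSL C API": re.compile(r"\bSSLv3_(?:client_|server_)?method\b"),
    "Python ssl": re.compile(r"\bPROTOCOL_SSLv3\b"),
}
EXTENSIONS = {".php", ".inc", ".asp", ".aspx", ".cs", ".vb", ".c", ".py"}

# Constructed sample of a legacy PHP module (hosts are placeholders).
SAMPLE = """<?php
$ch = curl_init("https://gateway.example/charge");
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
$fp = stream_socket_client("sslv3://updates.example:443");
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
"""

def scan_text(text, name="<sample>"):
    """Return (file, line number, marker, source line) for each hit."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for label, pattern in FORCED_SSLV3.items():
            if pattern.search(line):
                hits.append((name, number, label, line.strip()))
    return hits

def scan_tree(root):
    """Scan every source file under root whose extension is in EXTENSIONS."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            hits += scan_text(path.read_text(errors="replace"), str(path))
    return hits

if __name__ == "__main__":
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for name, number, label, line in found:
        print(f"{name}:{number}: forces SSL 3.0 ({label}): {line}")
```

An empty result does not prove an application is safe to leave unchecked, since the protocol may be set in a configuration file or a compiled binary; confirming with the developer is still the reliable route.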
If you have any questions on the POODLE SSL 3.0 issue, please do not hesitate to contact [email protected].
If you want to test whether your current hosting account / server is vulnerable to the POODLE issue, please visit: https://www.ssllabs.com/ssltest/