Attention X-Payments Hosted users: Action required – SSLv3 shutdown on Nov 19th 2014
Dear Users of X-Payments hosted subscriptions (Basic, PRO and Multistore),
As you may already know the Internet was hit by the POODLE vulnerability in SSLv3 protocol – a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.
This is neither a vulnerability in X-Cart nor in X-Payments but you still need to take an action.
We are disabling SSLv3 support at our X-Payments servers on Nov 19th 2014. This may cause interruption of connection between your X-Cart based shops and X-Payments if your X-Cart shop is not ready.
X-Cart 5-based store owners
- In order to avoid such an issue X-Cart 5 users need to install latest version of X-Payments connector module available at the X-Cart 5 Marketplace – do it in a couple of clicks, without leaving the admin area of your store. No manual patching is required 😉
- Make sure the server where X-Cart is run uses cURL v 7.18.1 or newer.
X-Cart 4-based store owners
- Apply a very simple patch published at X-Payments users forum.
- Make sure the server where your X-Cart is installed uses cURL v 7.18.1 or newer.
If you are not sure how to do all of the above – or simply have no time for this during the hot season, please contact our support department using your HelpDesk account. The patch application is free if your X-Cart based store is hosted with us and the plan includes techsupport subscription, or if you have an active subscription for X-Cart support.
Another source of help is the POODLE thread at X-Payments users forum.
Alex is Payments Sr. Product Manager at X-Cart, a Seller Labs company. His other two passions are ice hockey and history.