Attention X-Payments Hosted users: Action required – SSLv3 shutdown on Nov 19th 2014

Alexander Mulin
Alexander Mulin
, X‑Cart Senior Biz Dev and Head of X‑Payments
X-Payments
Attention X-Payments Hosted users: Action required - SSLv3 shutdown on Nov 19th 2014Dear Users of X-Payments hosted subscriptions (Basic, PRO and Multistore),As you may already know the Internet was hit by the POODLE vulnerability in SSLv3 protocol – a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.This is neither a vulnerability in X-Cart nor in X-Payments but you still need to take an action.We are disabling SSLv3 support at our X-Payments servers on Nov 19th 2014. This may cause interruption of connection between your X-Cart based shops and X-Payments if your X-Cart shop is not ready. 

X-Cart 5-based store owners

  • In order to avoid such an issue X-Cart 5 users need to install latest version of X-Payments connector module available at the X-Cart 5 Marketplace – do it in a couple of clicks, without leaving the admin area of your store. No manual patching is required 😉
  • Make sure the server where X-Cart is run uses cURL v 7.18.1 or newer.
 

X-Cart 4-based store owners

  • Apply a very simple patch published at X-Payments users forum.
  • Make sure the server where your X-Cart is installed uses cURL v 7.18.1 or newer.
 

Need help?

If you are not sure how to do all of the above – or simply have no time for this during the hot season, please contact our support department using your HelpDesk account. The patch application is free if your X-Cart based store is hosted with us and the plan includes techsupport subscription, or if you have an active subscription for X-Cart support.Another source of help is the POODLE thread at X-Payments users forum. ————————————- My best regards Alex Mulin X-Payments product manager
Sign in
Share
Tweet
+1
Email