Description
SSL 3.0 and Paya
Resolution
What is SSL 3.0?
SSL 3.0 is a cryptography protocol that debuted back in 1996 and was co-authored by then Netscape engineer Paul Kocher. SSL 3.0 has long since been superseded by TLS version 1.0, 1.1, and more recently TLS 1.2, which was officially defined in August 2008. While SSL 3.0 is now a legacy protocol, many modern Web browsers and Web servers still support SSL 3.0 as a fallback mechanism.
Why does it impact me?
There is a vulnerability in SSL 3.0 that exposes a security weakness in the cryptographic protocol designed to provide secure communication over the internet. Successful exploitation of this vulnerability can result in an attacker exposing data encrypted between an SSL 3.0 compatible client and an SSL 3.0 compatible server.
POODLE is the attack that exploits this vulnerability. When exploited, Poodle may allow an attacker to steal information over time by altering communications between the SSL client and the server (also known as a Man In The Middle attack) or allow the attacker to decrypt part of the confidential
message. Although this vulnerability is relatively difficult to exploit, all entities who use SSL 3.0 encryption should take action to protect the confidentiality of data. Paya will no longer support the SSL 3.0 protocol on November 17th, 2014. If your systems are attempting to communicate with us via SSL 3.0 you will not be able to access our websites or process transactions. The only safe option to deal with POODLE is to disable the SSL 3.0 protocol.
Get instructions on disabling SSL 3.0 in your browser settings: https://poodle.io/browsers.html
How does this impact me if I connect to the Gateway via API?
This change means that you cannot access the Paya Gateway using the SSL 3.0 protocol. Please ensure that all of your systems are up-to-date in order to connect through the recommended TLS protocol before November 17, 2014.
You can also contact your Network Administrator or your browser's manufacturer for instructions on how to disable the SSL 3.0 protocol.
If you have questions or require additional information, please submit a ticket and we will be in touch with you shortly.