Announcement

Collapse
No announcement yet.

SellerDeck Payments: SSLv3 Support and POODLE

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    SellerDeck Payments: SSLv3 Support and POODLE

    Hi all,

    You may already have heard about a security issue known as SSLv3 POODLE. The issue affects servers and clients that use the SSL protocol to encrypt sensitive information in transit. However, SSLv3 is a legacy protocol which has been superseded for some time by TLS1.0.

    From 15 January 2015 the SellerDeck Payments platform will no longer accept connections using SSLv3. Instead SellerDeck Payments will use TLS. Therefore you must be using a hosting server which supports TLS1.0 or better in order to continue using SellerDeck Payments. Your hosting server will need to have Crypt::SSLeay and NET::SSL installed in order to support TLS.

    I am using SellerDeck Payments and SellerDeck hosting. Will customers be able to checkout correctly on my site after 15 January 2015?

    Yes. If you are using SellerDeck hosting, no action is required.

    I am using SellerDeck Payments with non-SellerDeck hosting. Will customers be able to checkout correctly on my site after 15 January 2015?

    If you are using non-SellerDeck hosting, you will need to check that your hosting server has Crypt::SSLeay and NET::SSL installed. You can check if these modules are installed using the “Website Analysis” tool built into SellerDeck:

    1. In SellerDeck, go to 'Help | Troubleshooting | Website Analysis'.
    2. Under “Perl Modules”, you can see what Perl modules are installed and the version installed.
    3. Look for the Perl modules Crypt::SSLeay and NET::SSL.

    If the modules are not installed on your server, you will need to contact your hosting company to arrange for them to be installed.

    If the hosting company does not agree to install the Perl modules, the only alternative is to change hosting provider.

    Please note, after 15 January 2015, Internet Explorer 6 and below will no longer be supported. That means in order to take MOTO payments within the SellerDeck software, you will need to have Internet Explorer 7 or above installed. Also, shoppers will not be able to checkout on the site with Internet Explorer 6 and below.
    Paul Murphy
    Operations Manager - SellerDeck

    #2
    My hosting company has told me I can install the modules through my control panel. This is straightforward BUT there are several versions of both modules. Can you be more specific with the module versions.
    www.silvermoonbeads.com - Gemstones, Pearls, Hill Tribe sterling silver, Swarovski and Findings.

    Comment


      #3
      For reference, your hosting company should be implementing the list of modules (including the SSL ones here) as listed here:
      http://community.sellerdeck.com/showthread.php?t=44812
      Fergus Weir - teclan ltd
      Ecommerce Digital Marketing

      SellerDeck Responsive Web Design

      SellerDeck Hosting
      SellerDeck Digital Marketing

      Comment


        #4
        I am sorry but this is getting very very confusing.

        Is this the same alert that you sent out in November which was very unclear, and is in post http://community.sellerdeck.com/showthread.php?t=55590

        This suggested that we did not need to do anything if it is currently working.

        Quote"
        Sorry this is confusing, I'll put my hand up as I reviewed the email with others today before it went out.

        Mike has distilled the essential elements from it correctly.

        Firstly this is not about any 'SSL' certificate you may use on your web site (well not directly).

        This is all about encryption between two points, the two points that may be a concern to you are your web server and your PSP(s).

        You may have received a letter from your merchant bank helpfully telling you they will no longer support SSLv3, unhelpfully they didn't mention that you are highly unlikely to actually connect to them directly, you do it via a PSP.

        If you're already using PayPal and it works, you're good
        If you're already using SellerDeck Payments and it works, You're good"

        well we are using Sellerdeck Payments it is working but I don't have the modules mentioned installed. So am I good???

        Could you please number your alerts or something so that I know if I have dealt with the issue. Can you please clarify with a categorical answer.

        Such as ignoring our previous alerts that suggested if things were working now you are fine if you do not have the two modules installed than there is no way this will work from the 15th January
        David Sewell
        The Cotton Patch
        http://www.cottonpatch.co.uk
        http://www.rotarycuttershop.co.uk

        Comment


          #5
          Also big thank you to Fergus for pointing out the previous post on how to find the modules to install, but they don't actually link to anything anymore. You can find the Crypt one if you search on the general site it links to but not sure if this correct one to use.

          Could we have something definite from Sellerdeck on which modules they would recommend and where to get them from?
          David Sewell
          The Cotton Patch
          http://www.cottonpatch.co.uk
          http://www.rotarycuttershop.co.uk

          Comment


            #6
            Thanks Fergusw. My hosts & I are happy with the generic modules to install but it's the specific version we're stuck on. Failing Sellerdeck responding, maybe you could post the full version number of these modules that you have installed. Thanks again.
            www.silvermoonbeads.com - Gemstones, Pearls, Hill Tribe sterling silver, Swarovski and Findings.

            Comment


              #7
              Hi all,

              Thanks for your feedback.

              We have now updated our knowledge base article to include version information and updated links:

              http://community.sellerdeck.com/show...347#post289347

              Thanks
              Paul Murphy
              Operations Manager - SellerDeck

              Comment


                #8
                SSLv3 update - No further action required

                Hi all,

                This is just an update to reassure merchants that if you have SellerDeck Payments and everything is working ok, there is no further action to be taken. SSLv3 is now fully disabled. Your SellerDeck Payments service continues as normal.

                Please ignore the original post regarding the deadline on 15 January 2015. There was a miscommunication between SellerDeck and our provider.

                Thanks
                Paul Murphy
                Operations Manager - SellerDeck

                Comment

                Working...
                X