
SSL vs TLS security change


    Sorry for asking a basic question but having just received the security warning message from Sellerdeck and spoken to support I'm still confused.

    The first statement reads:
    If you are already successfully using SellerDeck payments (and PayPal), there is no action required. Creditcall already uses TLS

    Then another statement says:
    If you are using non-SellerDeck hosting, you can check if these modules are installed using the “Website Analysis” tool built into SellerDeck.

    So I'm already using Sellerdeck payments and PayPal suggesting I don't have to do anything, but I'm using non-sellerdeck hosting (NetNation) for my websites, so do I still have to check for installation of the required modules with my hosting company??

    Thanks in advance....
    Ian.
    http://thecandlelightcompany.co.uk
    http://thenaturallivingcompanyco.uk

    #2
    I thought it seemed very poorly worded and open to confusion.

    If you are already successfully using SellerDeck payments, there is no action required
    If you are already successfully using PayPal, there is no action required.
    If you are not using PayPal, SellerDeck Payments, UPS or GFS then you will not be affected by the change.

    The first three statements would seem to suggest no one is affected.
    Points 1 and 2 suggest if you use Sellerdeck or PayPal you are not affected.
    Point 3 says if you don't use Sellerdeck or PayPal you are also not affected.

    Surely point 3 covers everyone not covered by points 1 and 2, unless it is me and I am reading it all wrong.
    Darren Guppy
    Golf Tee Warehouse
    Golf Tees and Golf Accessories.



      #3
      Agreed. I couldn't really make sense of it either and I tend to think I usually understand the technical side of things.

      From what I can gather, and I'm not sure about this, Sellerdeck encrypts the user's information for sending to the PSP and similarly has to decrypt it for the callback (PayPal IPN etc).

      The PSPs will no longer accept SSLv3 so you have to make sure that your server is capable of agreeing to use the more secure standard which is TLS.

      I think the key word in the email is 'successfully', i.e. if your PayPal and Sellerdeck payments work now then you're fine as they've already made the change. If they don't then you should check your server SSL capabilities.

      Mike

      PS. At least it came from sellerdeck support rather than someone from sales.
      -----------------------------------------

      First Tackle - Fly Fishing and Game Angling

      -----------------------------------------



        #4
        Sorry this is confusing, I'll put my hand up as I reviewed the email with others today before it went out.

        Mike has distilled the essential elements from it correctly.

        Firstly this is not about any 'SSL' certificate you may use on your web site (well not directly).

        This is all about encryption between two points, the two points that may be a concern to you are your web server and your PSP(s).

        You may have received a letter from your merchant bank helpfully telling you they will no longer support SSLv3, unhelpfully they didn't mention that you are highly unlikely to actually connect to them directly, you do it via a PSP.

        If you're already using PayPal and it works, you're good.
        If you're already using SellerDeck Payments and it works, you're good.

        The other PSP integrations in SellerDeck work a little differently and should not be affected.

        The Perl modules listed provide the TLS security required now that SSLv3 is out of the picture, if those modules are not installed on your hosting and you're having a problem with PayPal or SellerDeck Payments, that is probably why.

        SSLv3 is a very old protocol and has been phased out by many systems over the last few years in favour of TLS. The recent POODLE flaw in SSLv3 has basically prompted everyone still catering for SSLv3 to drop it, in reality it's unlikely to have any impact on anyone.

        I hope that helps, or at least doesn't confuse the matter any further.

        Steve
        Steve Wardell
        Operations Director
        __________________________



          #5
          Many thanks to all for the replies, glad I wasn't being quite as daft as I thought in asking the question!

          Steve - thank you for the clarification, just for feedback I rang Sellerdeck support yesterday about this and was not overly impressed with the response there either, the person I spoke to seemed to know nothing about the subject and just read through the email with little explanation. As I pay a reasonable amount for this support and rarely use it I'm forced to wonder why I'm paying this fee. If the person didn't know the answer then surely the correct response should have been 'I don't know but I'll find out and get back to you'. Sorry - moan over.

          Ian.
          http://thecandlelightcompany.co.uk
          http://thenaturallivingcompanyco.uk
