Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Authorize.NET and SSL2.0 PCI DSS violation Rate Topic   - - - - -

 

Posted 20 February 2009 - 12:26 AM #1

I've received this email from Authorize.NET. I am sure a lot of people here use Authorize.NET as their gateway. How do we check to see if we are in compliance? Can someone help me understand how we can test to see if we won't be in violation?
Thank you.

During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.
Due to this change, it is critical that your merchants update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade their applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.
Only merchants using SSL 2.0 to connect to the payment gateway will be affected. If you have merchants who are currently using SSL 2.0, you must have them contact their Web developer immediately to arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.
It is critical that if a merchant contacts you regarding the use of SSL 2.0 that you direct that merchant to contact their developer to verify whether their integration will be impacted.
For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.



 
  • WebGuy
  • Senior Member
  • Members
  • Join Date: 02-Dec 08
  • 419 posts

Posted 20 February 2009 - 02:57 PM #2

I too recieved this email and submitted it to CS-CART support, and their response was this:

Thank you for providing this information. These changes do not relate to CS-Cart and they should not affect CS-Cart work.


I've also submitted the Authorize.NET email to my host and am awaiting a response.
WebGuy
www.nutraceaonline.com
CS-CART VERSION: 1.3.5 SP4

 
  • roban
  • Senior Member
  • Moderators
  • Join Date: 23-Oct 06
  • 1132 posts

Posted 22 February 2009 - 01:23 PM #3

Hmmm. I have used Authorize.Net for a few years and haven't received an email like this.

 
  • gasngrills
  • Senior Member
  • Members
  • Join Date: 23-Feb 08
  • 239 posts

Posted 25 February 2009 - 09:42 PM #4

most updated servers should have SSLV3 supported , you can do a server check here:

http://www.serversni...tent.php?do=ssl

CS-Cart 4.5.1


 
  • WebGuy
  • Senior Member
  • Members
  • Join Date: 02-Dec 08
  • 419 posts

Posted 25 February 2009 - 09:45 PM #5

Wow...thanks for the reminder..I'm sure like me you have literally 1,000's of website "tools" used to find all this information out.

It's just sometimes I get a "brain-blockage" (too much coffee?) and forget that I can easily check most of this stuff online...lol
WebGuy
www.nutraceaonline.com
CS-CART VERSION: 1.3.5 SP4

 
  • gasngrills
  • Senior Member
  • Members
  • Join Date: 23-Feb 08
  • 239 posts

Posted 25 February 2009 - 09:48 PM #6

There is always something for anything... The power of the Internet.

Joe

Wow...thanks for the reminder..I'm sure like me you have literally 1,000's of website "tools" used to find all this information out.

It's just sometimes I get a "brain-blockage" (too much coffee?) and forget that I can easily check most of this stuff online...lol


CS-Cart 4.5.1


 

Posted 25 February 2009 - 09:55 PM #7

Thanks for the link. It was helpful!