nopCommerce and POODLE

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
9 years ago
Hello,

Is nopCommerce susceptible to the POODLE security vulnerability in regards to how it connects to payment gateways such as Authorize.net?

It would need to connect to Authorize.net using TLS instead of SSLv3 or SSLv2.
0
9 years ago
Yes I am interested in the answer to this as well. I just received a mail from Authorize.net informing that they were disabling support for SSLv3 on November 4th.
0
9 years ago
Authorize.NET got me in on this thread too. My guess/assumption would be that the older SSLv3 solution is not used in nopCommerce, but it would be nice to get some confirmation on that.
0
9 years ago
Suggest, you follow the recommendations in this link, check your web server, run the SSL Test on your own site.

http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed
0
9 years ago
POODLE security issue is not somehow related to nopCommerce or plugins. It's the issue in SSL protocol. It does not depend on used software (e.g. nopCommerce, wordpress, magento, etc). I'm sure that Authorize.NET server are fixed long time ago. If you're concerned about your own server (in case it's dedicated), then please contact your administrator so he disable SSLv3 on the server.
Interested in the dedicated Premium support services provided by core developers? Please visit https://www.nopcommerce.com/nopcommerce-premium-support-services

Regards,
Andrei Mazulnitsyn
nopCommerce team
1
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.