As of Dec 3 2014 PayPal will be disabling SSL 3.0 v3 what does this mean for your website if your using PayPal as your payment gateway? Well your going to have to update to TLS and also disable SSL3.0 v3 on your web server as well. POODLE was released with the CVE identifier of CVE-2014-3566. The vulnerability is much like heart bleed that was discovered early this year. It allows a middle man to read unencrypted information such as passwords, credit cards and other secure data in a plain text format.
A simple way of testing your server to see if it running the command in your terminal:
openssl s_client -connect mywebsitehere.com:443 -ssl3
You will need to change mywebsitehere.com to your website name. If you see this:
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
You are safe from the vulnerability. Otherwise you are not and need to update your web server ASAP. This means disabling SSLv3 on all your applications and flippling over to TLS. Here at Red Cherry we make sure we are up on the latest vulnerabilitys to make your software or website are unlikley to be exposed to any threats.comments powered by Disqus