• Toll-free  888-665-8637
  • International  +1 717-220-0012
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

CM3 Solutions
#1 Posted : Monday, February 23, 2009 9:42:39 AM(UTC)
CM3 Solutions

Rank: Member

Joined: 8/20/2008(UTC)
Posts: 81
United States

Thanks: 2 times
From Authorize.net:

During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.

Due to this change, it is critical that your merchants update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade their applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.

Only merchants using SSL 2.0 to connect to the payment gateway will be affected. If you have merchants who are currently using SSL 2.0, you must have them contact their Web developer immediately to arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.

It is critical that if a merchant contacts you regarding the use of SSL 2.0 that you direct that merchant to contact their developer to verify whether their integration will be impacted.
For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.

Do I need to do anything as far as BV Commerce 5?
Marcus
#2 Posted : Monday, February 23, 2009 1:31:48 PM(UTC)
Marcus

Rank: Member

Joined: 11/5/2003(UTC)
Posts: 1,786

If your site is hosted on IIS6 you (or your web hosting company) will need to disable the SSL 2.0 protocols on your server. This is a registry key setting.
bvcoder
#3 Posted : Monday, February 23, 2009 8:34:34 PM(UTC)
bvcoder

Rank: Member

Joined: 8/1/2007(UTC)
Posts: 310

If you run a PCI scan on your site, it will fail if you have SSL 2.0 enabled. You will need to write to your host to disable SSL 2.0 and enable SSL 3.0. Its a registry change. If you are on a dedicated server, then you will need to do that yourself. Your PCI scanning agent can tell you how exactly how to disable SSL 2.0.
Thanks,
Satya
support @ bayquel.net
Work: +1 803 883 3226
Marcus
#4 Posted : Tuesday, February 24, 2009 10:36:19 AM(UTC)
Marcus

Rank: Member

Joined: 11/5/2003(UTC)
Posts: 1,786

Some of the security scans are also now requiring that you disable 56bit encryption with SSL3.
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

©2024 Develisys. All rights reserved.
  • Toll-free  888-665-8637
  • International  +1 717-220-0012