Following the discovery of the SSLv3 critical vulnerability last week and the subsequent disabling of support for this protocol on our TEST system, we are now ready to proceed with the second step in our response to this critical security threat.
Please be informed that effective with 11:00 AM UTC Wednesday 22nd of October 2014, we are switching off SSLv3 capabilities on our LIVE system.
Therefore the following actions are required by our merchants before 11:00 AM UTC Wednesday 22nd of October 2014:
- Merchants need to test that they can still send transactions successfully to the Peach Payments TEST system after SSLv3 was blocked
- In case of transaction errors then please switch to TLS encryption and test again
- Please note: TLS is not affected by the vulnerability and will therefore be used on the TEST and LIVE systems going forward
- Merchants are strongly recommended to deny shoppers' access to the checkout page with browsers using SSLv3 and should recommend to them an update of their browser
Please also review the following support article for more information on SSLv3 and how to protect your sites:
Protecting your website against the POODLE vulnerability
If you require access to our test system then please log a support ticket with us and we will provide access to our sandbox to enable any testing.
For any questions please contact firstname.lastname@example.org
Your Peach Payments Team