Attention X-Payments Hosted users: Action required – SSLv3 shutdown on Nov 19th 2014

Dear Users of X-Payments hosted subscriptions (Basic, PRO and Multistore),

As you may already know the Internet was hit by the POODLE vulnerability in SSLv3 protocol – a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.

This is neither a vulnerability in X-Cart nor in X-Payments but you still need to take an action.

We are disabling SSLv3 support at our X-Payments servers on Nov 19th 2014. This may cause interruption of connection between your X-Cart based shops and X-Payments if your X-Cart shop is not ready.

X-Cart 5-based store owners

• In order to avoid such an issue X-Cart 5 users need to install latest version of X-Payments connector module available at the X-Cart 5 Marketplace – do it in a couple of clicks, without leaving the admin area of your store. No manual patching is required 😉
• Make sure the server where X-Cart is run uses cURL v 7.18.1 or newer.

X-Cart 4-based store owners

• Apply a very simple patch published at X-Payments users forum.
• Make sure the server where your X-Cart is installed uses cURL v 7.18.1 or newer.

Need help?

If you are not sure how to do all of the above – or simply have no time for this during the hot season, please contact our support department using your HelpDesk account. The patch application is free if your X-Cart based store is hosted with us and the plan includes techsupport subscription, or if you have an active subscription for X-Cart support.

Another source of help is the POODLE thread at X-Payments users forum.