Archive for November, 2014

business-woman-with-laptop-200Authorize.net announced that it would be disallowing SSLv3 connections on November 4, 2014 due to the POODLE vulnerability that was discovered.

PayPal issued a statement to account holders today that it would begin (again) disallowing SSLv3 connections on December 3rd, 2014.

This solution provided by the Zen Cart development team is to modify files so that no SSL version is specified a higher level of SSL can be negotiated from your Zen Cart website.

If you need help with modification of the files, we will be happy to revise them for you so your Zen Cart payment modules work properly.  Our charge for this fix is $50. 

If you have USPS installed, changes were made by USPS and a new version was released on 11/2/14.  This new version includes returning rates for First Class Large Envelope as well as the fix for the POODLE vulnerability.  If you have us change the files, please indicate in the comments section of your order that you want USPS updated and we will do it for no charge since we will be doing the POODLE fix on the other files.

SSL for Zen CartPOODLE is a vulnerability that was discovered in September 2014 which involves shopping carts that use the industry standard SSLv3 in their coding.

Zen Cart is one of the shopping cart systems that uses this coding in some of their payment modules, such as PayPal, Authorize.net, Linkpoint, etc.   These processors either have already, or will soon, start disallowing the use of the industry standard version of SSL v3, The USPS version that came out in September 2014 also has this coding in it.  Authorize.net sent out an email last week giving everyone until November 4th to change their coding.  PayPal initially disallowed the SSLv3 coding, but quickly reversed it back and noted that they would be going back to disallowing it soon.

Because of this, your customers may receive an error during checkout, like: “An error occurred when we tried to contact the payment processor. Please try again, select an alternate payment method, or contact the store owner for assistance. () – (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number”

The solution provided by the Zen Cart development team is to change several files so that no SSL version is specified and Zen Cart can auto-negotiate the SSL to a higher level.

Should you need help with this, we will update all the necessary files so that your Zen Cart payment and shipping modules work properly.  Our charge for this fix is $50. 

Also, if you have USPS installed, a new version was released on 11/2/14 that includes returning rates for First Class Large Envelope as well as the fix for POODLE.  If you indicate on the order form that you want this updated, we will save you $20 and update the USPS for you at the same time as we do the POODLE fix on the other files.