SSL for Zen CartPOODLE is a vulnerability that was discovered in September 2014 which involves shopping carts that use the industry standard SSLv3 in their coding.

Zen Cart is one of the shopping cart systems that uses this coding in some of their payment modules, such as PayPal, Authorize.net, Linkpoint, etc.   These processors either have already, or will soon, start disallowing the use of the industry standard version of SSL v3, The USPS version that came out in September 2014 also has this coding in it.  Authorize.net sent out an email last week giving everyone until November 4th to change their coding.  PayPal initially disallowed the SSLv3 coding, but quickly reversed it back and noted that they would be going back to disallowing it soon.

Because of this, your customers may receive an error during checkout, like: “An error occurred when we tried to contact the payment processor. Please try again, select an alternate payment method, or contact the store owner for assistance. () – (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number”

The solution provided by the Zen Cart development team is to change several files so that no SSL version is specified and Zen Cart can auto-negotiate the SSL to a higher level.

Should you need help with this, we will update all the necessary files so that your Zen Cart payment and shipping modules work properly.  Our charge for this fix is $50. 

Also, if you have USPS installed, a new version was released on 11/2/14 that includes returning rates for First Class Large Envelope as well as the fix for POODLE.  If you indicate on the order form that you want this updated, we will save you $20 and update the USPS for you at the same time as we do the POODLE fix on the other files.

Leave a Reply

You must be logged in to post a comment.