GenesisTech
asked on
Classic ASP Website and POODLE
I need some help with POODLE.
I have followed instructions on setting my server up so that it will not use SSL 3.0 by changing the registry and testing it.
My issue is that Authorize.Net says I need to make sure that my shopping cart will not be affected when processing credit card transactions.
My cart is written in classic ASP and uses Server.CreateObject ("MSXML2.ServerXMLHTTP.4.0
How do I evaluate my solution to see if it will be a problem?
Thanks!
I have followed instructions on setting my server up so that it will not use SSL 3.0 by changing the registry and testing it.
My issue is that Authorize.Net says I need to make sure that my shopping cart will not be affected when processing credit card transactions.
My cart is written in classic ASP and uses Server.CreateObject ("MSXML2.ServerXMLHTTP.4.0
How do I evaluate my solution to see if it will be a problem?
Thanks!
Scott Fell
I received the same email today. They are talking about the browser and it will only affect people using older IE browsers like ie6 from my understanding.
The copy of that email looks like it is from http://www.authorize.net/support/poodlefaqs/#whattodo
Microsoft is saying there will be an update https://technet.microsoft.com/en-us/library/security/3009008.aspx
Are you using shared hosting or dedicated/vps?
Microsoft is saying there will be an update https://technet.microsoft.com/en-us/library/security/3009008.aspx
Are you using shared hosting or dedicated/vps?
There is some good answers about server specifics answered https://www.experts-exchange.com/questions/28539415/Patch-workaround-for-SSLv3-Poodle-vulnerability.html
I have also asked some others for input.
I have also asked some others for input.
ASKER
I have a dedicated server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Scott and others.
I have followed the link's instructions and I get that already. My understanding is that the link refers to handling INBOUND web requests and how my server will respond to them.
My concern has to do with OUTBOUND payment processing requests. Authorize.NET specifically states that you need to make sure your Shopping Cart software will not have a problem submitting and processing a transaction request to Authorize.NET. How do I determine what protocol my shopping cart uses when sending out the request and whether it will work with Authorize.NET or not?
I have followed the link's instructions and I get that already. My understanding is that the link refers to handling INBOUND web requests and how my server will respond to them.
My concern has to do with OUTBOUND payment processing requests. Authorize.NET specifically states that you need to make sure your Shopping Cart software will not have a problem submitting and processing a transaction request to Authorize.NET. How do I determine what protocol my shopping cart uses when sending out the request and whether it will work with Authorize.NET or not?
No points for this as Scott has already answered it.
All you need do is disable SSLv3 on your server - end of, nothing else to do, carry on with your life.
All you need do is disable SSLv3 on your server - end of, nothing else to do, carry on with your life.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK. I appreciate the help.
I guess I was confused because Authorize.NET made it sound like there were 2 very distinct actions that needed to be taken.
1) To make sure your server no longer supported SSL3 for incoming requests....AND
2) To make sure your transaction processing request being sent to Authorize.NET would be in compliance as well.
If fixing the server fixes both for me, than I guess I am all set.
Thanks guys!!!
I guess I was confused because Authorize.NET made it sound like there were 2 very distinct actions that needed to be taken.
1) To make sure your server no longer supported SSL3 for incoming requests....AND
2) To make sure your transaction processing request being sent to Authorize.NET would be in compliance as well.
If fixing the server fixes both for me, than I guess I am all set.
Thanks guys!!!