If you haven't heard, the SSL 3 protocol used to secure HTTPS connections was recently exploited affecting almost every Web site. PCI requires all payment processors and merchants to migrate to the newer TLS protocol by June 30, 2016. This important date will have an impact earlier for most merchants because almost every shipping, fulfillment, tax and payment providers is putting an end of life to SSL 3. For example, UPS will require newer TLS as early as May 31, 2016 and PayPal will require TLS connection by June 17, 2016. This means if you don't upgrade, your shipping provider will suddenly stop returning shipping rates and your payment gateway will stop processing payments.
What is SSL and TLS?
SSL and TLS are both protocols used by computers to secure the communication between machines. It tells the machines how to encrypt and decrypt the data when sent over the Internet. Over the years, there have been many versions of these protocols such as SSL 3, TLS 1.0, TLS 1.1 and TLS 1.2.
Who is affected?
The exploits are not limited to Revindex software. Anyone and any application that uses the HTTPS communication over the Internet are affected. This means the issue is not limited to payment providers only in your Storefront. Any shipping, payment, fulfillment, tax and any 3rd party provider that employ HTTPS for machine communication are affected by these exploits. All over the world, changes are being made.
How soon do I have to upgrade?
You should plan to upgrade as soon as possible. Aside from the obvious breaking changes enforced by 3rd party providers, you are potentially exposing important personal information to hackers. By upgrading, your site will comply with PCI rules, become more secure, run faster and you will gain new enhancements that can potentially increase your sales revenue. The deadline varies slightly for each provider. Here is a short example of known dates for these providers:
- eProcessingNetwork requires TLS 1.2 by March 31, 2016
- UPS requires TLS 1.2 by May 31, 2016
- PayPal requires TLS 1.2 by June 17, 2016
- Authorize.net requires TLS 1.2 by early 2017
How do I upgrade?
You will need to upgrade to the latest DNN 8+ and upgrade all your Revindex software that you currently use. In particular, you need to be running the latest Revindex Storefront 8.0. Please open a sales ticket if you are unsure what you need and we'll be happy to assist you. We can also perform the upgrade for you if you don't have technical help.
How do I get early notification?
Early warning has already been sent out to users via our Revindex newsletter. If you're not yet subscribed, please update your profile preference to subscribe to our free newsletter to receive important updates. You can also follow us on twitter or subscribe to the blog feed.