If you’re involved with internet security at all, you know that SSL 3.0 has been deemed unsafe by Google and many others. Today, PayPal announced that they will be discontinuing support for Secure SocketsLayer version 3.0 starting in December according to Venture Beat. PayPal already took security measures last month, but they’re now taking more action.
PayPal CTO James Barrese wrote:
“We are now able to share that PayPal will be disabling support for SSL v3 on December 3, 2014. Any merchant customer whose integration with PayPal uses SSL v3 will need to update their integration before this date to avoid an interruption in their ability to accept payments with PayPal.
We recognize and regret that upgrading their PayPal integration may be challenging for some of our merchant customers at this busy time of year. The decision to extend our support of SSL v3 for a few more weeks was made with these merchants and the safety of our customers’ accounts in mind.
While some may think doing this right before the high point of the holiday season doesn’t make sense, but it’s actually a good idea. Hopefully, other big companies are going to follow suit. While POODLE didn’t cause a big splash outside of the internet security community, it’s still very important to take it seriously. Which is why Google and others have already taken action.
Are you still using SSL 3.0 on a production site or have you taken care of the problem on networks under your administration? Leave a comment and let us know how you’re handling the issue of SSL 3.0. If you haven’t upgrades to TLS yet, you need to drop everything and do it now – especially if you depend on a lot of holiday sales for your revenue.
PayPal is giving people a little more time to make the switch, and it’s important to take advantage of the extra time to make sure you do it right. If you have any questions about SSL 3.0 and what you need to do to make sure your sites are secure with the newer TLS encryption, leave a comment or send us a note.