Authorize.net is deprecating their SSL 2.0 Protocol
I recently received email notification that Authorize.net will be deprecating their SSL 2.0 Protocal the week of March 16 - 20, 2009.
All of our Authorize.net ecommerce development was done using the 3.0 version, even going back a few years so it's been around a while. However don't be surprised when ecommerce sites (especially old ones) stop accepting transactions in the middle of March.
Here's the text from the email in its entirety:
Dear Authorize.Net Developer:
During the week of March 16 - 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.
Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.
If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.
For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.
If you have any questions, please contact firstname.lastname@example.org.
In other words, we sure hope you get this email or you can kiss your ecommerce good-bye.
It looks like the account above has been locked... :-P
Wed, 11/03/2010 - 19:30
I just remembered that exactly around the same time last year I had to change the credit card processing systems of two of my clients away from Authorize.net. I'm guessing someone at both companies must have received a similar email. Obviously those weren't sent to the right person LOL! Anyway... from my standpoint it was some extra pay... if they had paid to test their current systems I definitely would have figured it out.
Wed, 09/16/2009 - 16:27