A security vulnerability known as POODLE (Padding Oracle on Downgraded Legacy Encryption) has been identified. Although this security threat affects a relatively low number of Internet connected devices, it is critical and if manipulated, could allow hackers to read encrypted information when passed over an SSL connection.
VCS is taking this issue seriously and have resolved to disable SSLv3 by 03 November 2014. Once disabled, Merchants attempting to connect to VCS using anything less than TLS 1.0 will not be able to and will receive an error message similar to “SSL Connection could not be established”.
We acknowledge that this might be short notice and while we would have preferred to give our merchants sufficient time, VISA has announced that they will remove support for SSLv3 on 2014/10/31 and so we decided to act swiftly in order to alleviate the risk for our and our valued Merchants’ benefit.
We also recommend that you upgrade your browser to one that uses the up-to-date TLS (Transport Layer Encryption) standard and also to disable the use of SSLv3 in your settings as soon as possible.
Host to host (ccxml) merchants please ensure that your code, that connects to VCS, uses at least TLS 1.0 when connecting.
We thank you in advance for your understanding and co-operation.