POODLE / SSL 3.0 Response

Yesterday, Google published details of a new attack on SSL 3.0 -- POODLE. This vulnerability is a basic flaw affecting the SSL 3.0 protocol, which was designed to ensure secure connections when surfing the internet. While this protocol is over 15 years old, and most e-commerce and m-commerce businesses have adopted newer technologies, some older browser versions and even some current browsers will "fall back" to SSL 3.0 in certain situations.

At Braintree, security is our highest priority and we've determined the best course of action would be to disable SSL 3.0 to protect our customers. As we have some merchants who communicate with us via SSL 3.0, we are taking the appropriate steps to minimize disruptions for these merchants. If you currently communicate with us via SSL 3.0, our accounts and support teams will be reaching out to you to explain what changes are necessary. Our intention is to turn off SSL 3.0 as soon as we reasonably can.

Once we turn off SSL 3.0, although we will no longer be communicating via SSL 3.0, if you are using v.zero or Transparent Redirect and your customer is using an older browser that only supports SSL 3.0 like Internet Explorer on Windows XP, their transactions will no longer go through. We recommend that you suggest to your customers that they upgrade their browser to conduct secure transactions. The latest versions of most popular browsers, such as Chrome, IE, Safari, and Firefox, support the latest versions of SSL's successor, TLS.

As always, feel free to reach out to our support team with any questions at support@braintreepayments.com or give us a call at 877.434.2894. You can also read about PayPal's response to the vulnerability on PayPal Forward and check for Braintree status updates here.

John Downey John Downey is the Security Lead at Braintree. In his free time he contributes to open source projects and mentors high school students in the FIRST Robotics Competition. More posts by this author

You Might Also Like