Jon Jensen jon at endpoint.com
Sun Nov 2 03:06:13 UTC 2014

On Sun, 2 Nov 2014, Peter wrote:

> I'm thinking that it would be a good idea to update the payment modules 
> in Interchange so that they will not use SSLv2 (BEAST) or SSLv3 (POODLE) 
> protocols.  This is probably not an issue because the payment processors 
> have, or will likely soon be removing SSLv3 support from their servers, 
> but still it's probably a good idea to donk the issue from our end as 
> well.

+1. Are you already working on a patch? Want any help?

BTW, BEAST is not related to SSLv2. SSLv2 was broken and dead many years 
before BEAST, and BEAST still affects TLS 1.0. FWIW.


Jon Jensen
End Point Corporation

More information about the interchange-users mailing list