2/22/2015 - XCHARGE® DISABLING SSL ENCRYPTION – UPDATE REQUIRED
As a valued XCharge user, we want to inform you of an important change regarding supported encryption protocols and what it means to you as an XCharge customer. Over the next two months, OpenEdge (formerly Accelerated Payment Technologies) will be disabling SSL 3.0 encryption to prevent its usage when processing payments, resulting in a loss of processing capability without the required upgrade.
Why is this happening? At OpenEdge, we take the protection of our customers' data very seriously. On 10/24/2014, VISA issued a Security Alert about an SSL 3.0 ‘POODLE’ vulnerability that may allow malicious attacks to extract data from secure HTTP connections. Although the vulnerability found by Google researchers is somewhat difficult to exploit, VISA is encouraging disabling of SSL 3.0 protocols.
How does this affect me? Current XCharge versions using SSL 3.0 require updating to remove this encryption protocol and replace it with TLS 1.0 encryption or higher. This is critical in terms of maintaining transaction security.
What action do I need to take? OpenEdge has released XCharge 8.0 Release 4 Service Pack 2 to update the encryption protocol. After you upgrade to this version, the new TLS encryption will start to take effect. We will be able to monitor progress, ensuring the new encryption method has been implemented and is active. To complete the upgrade process, please click here and follow the instructions there.
How do I ensure my system is properly patched? You can confirm you are using the correct version by checking the version running on your XCharge server. For more information on how to find your XCharge version, click here.
When will OpenEdge disable SSL 3.0 encryption? OpenEdge plans to disable SSL 3.0 encryption no later than May 29, 2015. After we disable SSL 3.0 encryption, no versions of XCharge using SSL 3.0 will be functional.
Where can I get more information? If you have any questions, please call our dedicated SSL 3.0 remediation hotline at (888) 560-0978.
Thank you for immediate attention to this important matter.
The OpenEdge Team