security_updateWe’ve got a fair number of inquiries about emails sent by Authorize.Net with the subject “Authorize.Net Technical Updates Reminder” and email from Paypal with subject “2016 merchant security upgrades”. It’s a scary possibility to have your store’s checkout down after June 14 or June 17 or whichever date they will pick so an urgency of those inquiries is understandable.

First of all, this is done to protect you and your customers so, take it easy and check if your store is ready or not.

 

 

  1. SHA-256 signing algorithm support

    Your server has to support SHA-256 connection (this has to be verified by your host and all servers we manage already support this) and your domain should have SSL certificate issued using SHA-256 signing algorithm.
    To check, go here: https://www.ssllabs.com/ssltest/index.html , enter your store domain name (ex: www.mystore.com) and hit [Submit] button.
    Wait for 2-3 minutes for test to complete and check if you see this line:Signature algorithm: SHA256withRSA

    sha256

    If you do not see SHA256 – contact your host (by the way, if you see score less than “A” on this test – contact your host and send test URL so they can fix the issues).

  2. TLS 1.2 will be required for all HTTPS connections.In the same test, check for TLS 1.2 under Protocols, you should see YES to the right of it.
    TLS_12
    * at the same time, check if SSL 3 is disabled – this is related to POODLE vulnerability which is another story not related to Authorize.net and Paypal updates but worth checking anyway.
  3. HTTP/1.1 will be required for all HTTPS connections.In the same test, check for HTTP/1.1 under “Protocol Details”, you should see “NPN: Yes http/1.1”

http11

4. Shopping cart patches

Some versions of X-cart require several patches to be installed. X-cart guys were kind enough to post the list here:
https://forum.x-cart.com/showpost.php?p=393320&postcount=2
Please contact X-cart support or contact us if you need help with installation of those patches in your store (we do not charge for security patch installations).

We are not aware of any updates related to this security changes required for Magento 1.X and Magento 2.X stores.

I hope this will help you to sleep better at night and we are here for you if you have any questions.

To your success!

Anton Pachkine
www.finestshops.com – Managed and Hosted E-commerce packages for Small Businesses.

 

Do you manage eCommerce website or online store?

Introducing a comprehensive guide and action plan like nothing you've tried before. Designed specifically to revamp your e-commerce strategy from the ground up, it's your key to unlocking the potential of your online store.