Recently, Google researchers discovered a major new vulnerability in an old SSL protocol that’s still supported by the majority of modern browsers. The seriousness of this vulnerability, named POODLE, has led Avangate to discontinue support for SSLv3 across all of our websites and services, after classifying the vulnerability with a high impact for our secure operations. At the time of this announcement, Avangate is not aware of any cases where this vulnerability has been actively exploited.
Our decision to discontinue support for SSLv3 immediately affects users of Internet Explorer 6 and Windows XP, a combination that only supports the SSLv3 protocol for security. Internet Explorer 6 is no longer supported for some time in the Avangate platform development and shopping cart customizations.
As we explained in our blog post about the Shellshock bug, we always want to take the best precautions we can to protect security for as many of our users as possible. Analytics data show that just 0.8 percent of Avangate website visitors and less than 0.1 percent of Avangate shoppers use a combination of IE6 and XP, so this is not a large portion of our audience. IE6 and XP were both released in 2001, IE6 is no longer supported by many online services, and XP support has been officially discontinued by Microsoft.
Most major web services, including Facebook, have also ended support for SSLv3, so IE6 users will need to upgrade their browsers to access many other services in addition to Avangate. We expect that most modern browsers will also make updates soon to remove SSLv3 support. Along with this announcement, we’d like to remind everyone that keeping your browser and software updated to the latest version is a useful way to ensure your security online.
If you have any questions or concerns about this change, or need assistance updating your browser for security reasons, please let us know.