What’s happening?
Following a number of breaches in the security protocols for SSL and TLS 1.0, Realisable have released patches for the core product, available here, and for the Magento connector, available upon request to licenced users.
It should be noted that TLS 1.2 is preferred as the industry is heading in that direction.
What is the risk?
The older protocol has a number of vulnerabilities and is no longer considered secure. These vulnerabilities are well known and widespread. Read more on the PCI Security standards website here.
What do I need to do?
If you run IMan 3.0 or 3.2, please install the patch linked above. If you are a Magento customer and you think we haven’t yet patched you, please get in touch.
Additionally, you may want to check your Magento system connector setup to ensure you are using an https connection. We have seen a few installs where http is still being used, and this is not secure.
How to check your Magento system Connector:
- Log into IMan.
- Navigate to Setup -> System Connectors.
- Edit your Magento System connector.
- Check the Version drop down and ensure version 1 is selected.
- Check the connection string and ensure that it is using https.
The example above should read: https://www.mybigshop.co.uk/index.php/api/xmlrpc
- Most importantly TEST THE INTEGRATION
It may be worth pasting the new https URL into a browser and checking the output. If it returns the following:
If the browser bar shows secure, you can be sure your server supports https.
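The same check can be scripted. The following is an added example, not part of IMan or of the patch: it confirms that a connection string uses https and that the server completes a handshake at TLS 1.2 or newer. The function names are hypothetical, and the URL is passed on the command line.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit


def check_connection_string(url):
    """Return a list of problems with a connector URL (empty list means OK)."""
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is %r, expected https" % parts.scheme)
    if not parts.hostname:
        problems.append("no host name found in the connection string")
    return problems


def negotiated_tls_version(url, timeout=10):
    """Handshake with the server, refusing anything older than TLS 1.2.

    Returns the negotiated protocol name, e.g. 'TLSv1.2' or 'TLSv1.3'.
    Raises ssl.SSLError if the server cannot negotiate TLS 1.2 or newer,
    or if its certificate does not verify for the host name.
    """
    parts = urlsplit(url.strip())
    ctx = ssl.create_default_context()  # verifies certificate and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    address = (parts.hostname, parts.port or 443)
    with socket.create_connection(address, timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=parts.hostname) as tls:
            return tls.version()


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_connector.py <connection string>")
    url = sys.argv[1]
    problems = check_connection_string(url)
    for problem in problems:
        print("FAIL:", problem)
    if problems:
        sys.exit(1)
    try:
        print("OK: server negotiated", negotiated_tls_version(url))
    except (ssl.SSLError, OSError) as exc:
        print("FAIL: TLS 1.2+ handshake did not complete:", exc)
        sys.exit(1)
```

A handshake failure here means either the server does not offer TLS 1.2 or its certificate is not trusted for that host name; the error text says which.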