I got an email from Stripe payments to let me know that a recent credit card transaction on my site had used the SSL 3.0 protocol on my server and that this was possibly insecure due to the recent “Poodle” vulnerability. They said that they would be removing support for SSL 3.0 in Stripe soon and that my existing credit card forms would no longer work.
The fix for this is server based and essentially you need to remove support for the SSL 3.0 protocol on your server in favour of TLS. All modern servers should support TLS but you might need to tell them to or tell them to disable SSL 3.0. Contact your host if you are on a shared server. If you’re on a VPS like me you can do this yourself in WHM/Cpanel as below:
- Go to WHM => Service Configuration => Apache Configuration => Include Editor => Pre Main Include.
- Select a version or All Versions.
- Add the following in the text box that appears:SSLHonorCipherOrder On
SSLProtocol ALL -SSLv2 -SSLv3
- Press the Update button and then “Restart Apache”.