You may have heard about the PCI approved scanning vendors (ASV’s) are now failing vulnerability scans where SSLv3 protocols are enabled, in support of the new TLS 1.2 security standards. For this reason, we are disabling SSLv3 across our environment, with IMAP/POP email being the exception for now. We had several customers had trouble accessing their email when we disabled SSLv3 for IMAP/POP email and we are working with Rackspace to determine a solution for email.
Please keep in mind that this change affects not only our CoreCommerce merchants, but also your customers accessing your store as well. This represents roughly 2% of all internet traffic and primarily affects customers using browsers from 2008 or prior.
This notification is different from the SHA-256 SSL certificates we have been installing for customers over the past 30 days. This change has been made across the CoreCommerce network, effective now. If you had a PCI scan that was run before Oct 24th with SSLv3 highlighted as an issue, please initiate a new scan.