Realex Payments Security Notice
Today, September 16, 2016, all Realex Payments Customers received "Realex Payments - Important Service Announcement" email. This email is to notify store owners who accepts online payments to verify their payment integrations.
The message in the Important Service Announcement states that all Realex Payments integrations using SHA-1 algorithm should revisit usage of the SHA-1 algorithm.
Security certificates are digitally signed with an encrypted hash to ensure that they have not been tampered with. Currently, we support certificates that have SHA-1 or SHA-2 cryptographic hash function.
There are weaknesses identified with SHA-1 alghorithm and the Realex Payments is going to discontinue support of the SHA-1 alghorithm.
However, weaknesses have been identified with SHA-1 that render it incompatible with security best practice. For this reason, we are discontinuing support for SHA-1. Following our upgrade, we will be supporting SHA-256 only.
All integrations which are using SHA-1 algorithm should be revisited and modified to more secure SHA-256 algorithm.
This upgrade will take place on 1st November 2016. As this is consistent with a universal discontinuation of SHA-1 by the end of this year, extensions will not be available regarding this date.
Magento 2 Realex Payments Module
We are verifying all our integrations regularly. Module updates for Magento 2 are delivered in timely manner to avoid having any potential security issues. That is why Realex Payments module for Magento 2 is safe and secure integration for your eCommerce website.
If you would have any questions regarding payment integrations, please send us an email to email@example.com.
We will be happy to assist.