As you may know, a number of news sources, corporations, and the OpenSSL team reported yesterday 14 October 2014 that version 3 of Secure Sockets Layer (SSLv3) is vulnerable at the protocol level. (https://www.openssl.org/~bodo/ssl-poodle.pdf). This vulnerability allows the content of SSLv3 secure connections to be potentially deciphered by hackers. As such, Burst SMS and the tech community at large are shutting down server access via SSLv3 protocol.
Our Web & email customers are unaffected, and most of our API customers are also OK.
This will only affect Burst API customers if you use our PHP API client code to talk to our API, or you talk to our API using SSLv3 in your own custom code. Affected customers will see failed server connection attempts with an SSLv3 “handshake failure” error. To update your Burst SMS messaging continuity and security, we are requiring customers to stop using SSLv3 to interact with the BurstSMS service and upgrade to use Transport Layer Service (TLS).
If you are using either of our PHP clients APIclient.php for APIv1 or APIClient2.php for APIv2 you will need to download and update the current version of the client, as the older clients were specifying an SSLv3 connection, due to an outdated bug in the PHP curl implementation. See new Downloads @:
APIv1 http://www.transmitsms.com/download/api-client-php (deprecated)
APIv1 customers. This is a good opportunity to upgrade to a newer & current APIv2.
If you are using your own http clients to interact with the API make sure you are using TLS for the https connection and not SSLv3.
If you are using PHP and this does not fix your problem, you may be getting errors similar to:
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
This means that PHP CURL cannot find a root CA certificate, the following article may help you fix the config.
If you require further assistance or info on any of the above, please get in touch.
Burst SMS Support