PayPal SSL 3.0 Vulnerability Issue

Support Forums Modules and Extensions Paypal Pro PayPal SSL 3.0 Vulnerability Issue

This topic contains 1 reply, has 0 voices, and was last updated by  imported_admin 10 years, 1 month ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #382

    Scope of work:
    To Avoid the SSL 3.0 Vulnerability Issue in Paypal Modules.

    What is an issue:
    Recently a vulnerability was published that affects a particular version of the Secure Sockets Layer (SSL) protocol, which is used to secure connections to websites. The vulnerability, which only exists in SSL 3.0, allows a cyber criminal to gain access to connections previously assumed secure.
    Fortunately, SSL 3.0 is not the only option available to secure these connections, and this vulnerability can be prevented by disabling support for SSL 3.0. PayPal will completely disable SSL 3.0 support, which will prevent this vulnerability from impacting users of PayPal, including those who may be using an integration via a merchant’s site.
    Whilst disabling this protects users from harm, it may result in compatibility issues for some customers, particularly those merchant sites that rely on SSL 3.0.
    update your integration to be secure and compatible .

    Solution of Issue:
    Add below line in curl request.
    curl_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

Viewing 1 post (of 1 total)

You must Login/Register to reply to this topic.