Skip to content
This repository has been archived by the owner on Apr 15, 2024. It is now read-only.

SSLv3 is deprecated #34

Open
qualle opened this issue Oct 20, 2014 · 9 comments
Open

SSLv3 is deprecated #34

qualle opened this issue Oct 20, 2014 · 9 comments

Comments

@qualle
Copy link

qualle commented Oct 20, 2014

Since the SSLv3 is no longer used from PayPal (See http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
and https://ppmts.custhelp.com/ci/fattach/get/430695/1413497213/redirect/1/filename/Poodle%20SSL%203%200%20Vulnerability%20-%20Merchant%20Response%20Guide.pdf )
I recommend to change the default value of public $force_ssl_v3 = true; to false or compltly remove SSLv3 Support.
@petert82
Copy link

Pull request #32 addresses exactly this issue, assuming it is ever accepted.

@devonmather
Copy link

Considering that this was last updated two years ago, it might be worth re-uploading it to a repository that will actually keep it updated.

@Elite
Copy link

Elite commented Nov 27, 2014

Using replacing curl_setopt($ch, CURLOPT_SSLVERSION, 3); with curl_setopt($ch, CURLOPT_SSLVERSION, 4); should also works.

@RKO1195
Copy link

RKO1195 commented Dec 26, 2014

I'm having problems with this i've changed the $force_ssl_v3 = true to false and its still not working for me, is there anything else i need to do ? any help would be appreciated.

@petert82
Copy link

@RKO1195 Have you tried applying the changes from pull request #32? It should work after those.

@RKO1195
Copy link

RKO1195 commented Dec 29, 2014

Yes we put the new changes in from pull #32 and it did fix part of it but I'm still having a problem with one thing it's not putting the UDID number in my txt after payment has been made, it's strange cause it fixed the part where the email gets sent to buyer with the info and all but this one thing is all that's left and where not getting any error and the IPN is sending fine now! Not sure what to do if anyone has any idea I'd appreciate any help thanks.

@CyberPunkCodes
Copy link

This project has not been updated since 2012. It is a shame because it was a simple, yet efficient, PayPal IPN script. Since this has not been maintained, it does not work anymore. PayPal has removed support for SSLv3 due to the POODLE vulnerability, which came about after the last update to this repo. PayPal has also updated their documentation and example code, which I have updated this project to reflect PayPal's recommendations.

I have forked this repo, fixed it, and I am now maintaining the current version. Please use my version found here: https://github.com/WadeShuler/PHP-PayPal-IPN

I give FULL credit to Quixotix for his great script.

@RKO1195
Copy link

RKO1195 commented Mar 31, 2015

Thanks

@oasisfleeting
Copy link

#44

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@qualle @oasisfleeting @devonmather @petert82 @Elite @RKO1195 @CyberPunkCodes