PHP-PayPal-IPN icon indicating copy to clipboard operation
PHP-PayPal-IPN copied to clipboard

Published 20 hours ago verified publisher icon Quixotix

SSLv3 is deprecated

Open qualle opened this issue 11 years ago • 9 comments

Since the SSLv3 is no longer used from PayPal (See http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html and https://ppmts.custhelp.com/ci/fattach/get/430695/1413497213/redirect/1/filename/Poodle%20SSL%203%200%20Vulnerability%20-%20Merchant%20Response%20Guide.pdf ) I recommend to change the default value of public $force_ssl_v3 = true; to false or compltly remove SSLv3 Support.

qualle avatar Oct 20 '14 12:10 qualle

Pull request #32 addresses exactly this issue, assuming it is ever accepted.

petert82 avatar Oct 20 '14 12:10 petert82

Considering that this was last updated two years ago, it might be worth re-uploading it to a repository that will actually keep it updated.

devonmather avatar Nov 04 '14 01:11 devonmather

Using replacing curl_setopt($ch, CURLOPT_SSLVERSION, 3); with curl_setopt($ch, CURLOPT_SSLVERSION, 4); should also works.

Elite avatar Nov 27 '14 03:11 Elite

I'm having problems with this i've changed the $force_ssl_v3 = true to false and its still not working for me, is there anything else i need to do ? any help would be appreciated.

RKO1195 avatar Dec 26 '14 19:12 RKO1195

@RKO1195 Have you tried applying the changes from pull request #32? It should work after those.

petert82 avatar Dec 28 '14 12:12 petert82

Yes we put the new changes in from pull #32 and it did fix part of it but I'm still having a problem with one thing it's not putting the UDID number in my txt after payment has been made, it's strange cause it fixed the part where the email gets sent to buyer with the info and all but this one thing is all that's left and where not getting any error and the IPN is sending fine now! Not sure what to do if anyone has any idea I'd appreciate any help thanks.

RKO1195 avatar Dec 29 '14 20:12 RKO1195

This project has not been updated since 2012. It is a shame because it was a simple, yet efficient, PayPal IPN script. Since this has not been maintained, it does not work anymore. PayPal has removed support for SSLv3 due to the POODLE vulnerability, which came about after the last update to this repo. PayPal has also updated their documentation and example code, which I have updated this project to reflect PayPal's recommendations.

I have forked this repo, fixed it, and I am now maintaining the current version. Please use my version found here: https://github.com/WadeShuler/PHP-PayPal-IPN

I give FULL credit to Quixotix for his great script.

CyberPunkCodes avatar Feb 03 '15 20:02 CyberPunkCodes

Thanks

RKO1195 avatar Mar 31 '15 17:03 RKO1195

https://github.com/Quixotix/PHP-PayPal-IPN/pull/44

oasisfleeting avatar Mar 15 '16 06:03 oasisfleeting