Immediate action required: SSLv3 security alert causing changes in PayPal modules

Due to the POODLE security attack, PayPal will drop their support for SSL 3.0 on December 3rd 2014. In order to keep offering PayPal as payment, this blog post will show you the possible ways to adapt to the issue.

 

This is an urgent note to everyone using PayPal as a payment provider in their OXID eShop.

In October 2014, a vulnerability of the SSL 3.0 protocol was detected, as discussed in forums and blogs recently. This means, websites and all internet businesses relying on SSL 3.0 can no longer sufficiently protect their users‘ information from hackers.

Payment provider PayPal will drop their support for SSL 3.0 on December 3rd 2014, 12:01 a.m. PST (09:01 a.m. CET), causing all PayPal transactions based on SSL 3.0 not to work any longer from this moment on.

In order to keep offering PayPal as a payment in your OXID eShop, please update your OXID eFire Extension PayPal to version

3.2.1 when using OXID eShop 5.2.x (EE) or 4.9.x (PE/CE)
3.1.2 when using OXID eShop 5.1.x (EE) or 4.8.x (PE/CE)
3.0.3 when using OXID eShop 5.0.x (EE) or 4.7.x (PE/CE)

We will also publish a patched version of the OXID eFire Extension PayPal for OXID eShop 4.4.x to 4.6.x within the next week.

Please note:

If you refuse to proceed one of the solutions mentioned above, every payment via PayPal will fail from December 3rd onwards! This also applies for the PayPal Portlets in our cloud platform OXID eFire, which will not be altered. If you still run this method, please update to our standalone OXID eFire Extension as soon as possible. The extension can be found in OXID eXchange.

21 thoughts on “Immediate action required: SSLv3 security alert causing changes in PayPal modules

    • Am not pretty sure about your solution. Apparently, this option was set intentionally – maybe for a good reason – on PayPal recommendation. Some other projects and modules set this option, others didn’t. Requested PayPal directly, hope I can get back with some useful results.

      • Hi! Marco is having days off. I am sure he will get back to you upon his return. Sorry for the delay.

  1. Pingback: Paypal deaktiviert SSL 3.0: Diese Shopsysteme müssen jetzt aktualisiert werden | t3n

  2. Pingback: PayPal deaktiviert SSL 3.0 – Überprüfen Sie Ihr Shopsystem | effeff blog

  3. How can I tell if I am affected by this problem? Can you please add where I can check in backend or/and modules folder.

    • All versions of PayPal below the ones mentioned in the blog post are affected by the problem. You can check the version number of PayPal in your modules folder. Hope this helps!

  4. “We will also publish a patched version of the OXID eFire Extension PayPal for OXID eShop 4.4.x to 4.6.x within the next week.”

    Where is it???

  5. Ein Kunde stelt gerade auf eine neuere Version der PE um, schafft das aber nicht vor dem 3.12. Er hat die 4.2.0 im Einsatz, bislang wird PayPal über seinen eFire-Account mit PayPal Portlet abgewickelt. Hier erhält er die dringende Empfehlung zur Anpassung der Verschlüsselungen. Er müsste das Standalome Modul – die OXID eFire Extension PayPal – installieren. Kann hier die für 4.4. gelieferte Variante gewählt werden oder klappt das nicht, bzw. gibt es noch eine ältere Version? Danke für eine kurzfristige Klärung dazu.

    • Noch ältere Versionen als die 4.4 können vom Standalone-Modul leider nicht unterstützt werden.

  6. A customer has Oxid 4.7 running… Is there a version for that? Will the 4.6 version work?

    Thanks in advance!

    n.

  7. WIr haben das aktuelle Modul OXID eFire Extension PayPal 3.2.1 installiert und erfolgreich gestestet. Benötigen wir jetzt das efire Portlet noch?
    Wenn nein wie kann das deaktiviert werden?

    mfg
    M.Kramer

  8. Pingback: PayPal stellt SSL Verschlüsselung zum 03.12.2014 um - Planet OXID

  9. Pingback: PayPal unterstützt ab dem 03.12. kein SSL 3.0 mehr - Plugins müssen aktualisiert werden - Planet OXID

Leave a Reply

Your email address will not be published. Required fields are marked *