Immediate action required: SSLv3 security alert causing changes in PayPal modules

Due to the POODLE security attack, PayPal will drop their support for SSL 3.0 on December 3rd 2014. In order to keep offering PayPal as payment, this blog post will show you the possible ways to adapt to the issue.


This is an urgent note to everyone using PayPal as a payment provider in their OXID eShop.

In October 2014, a vulnerability of the SSL 3.0 protocol was detected, as discussed in forums and blogs recently. This means, websites and all internet businesses relying on SSL 3.0 can no longer sufficiently protect their users‘ information from hackers.

Payment provider PayPal will drop their support for SSL 3.0 on December 3rd 2014, 12:01 a.m. PST (09:01 a.m. CET), causing all PayPal transactions based on SSL 3.0 not to work any longer from this moment on.

In order to keep offering PayPal as a payment in your OXID eShop, please update your OXID eFire Extension PayPal to version

3.2.1 when using OXID eShop 5.2.x (EE) or 4.9.x (PE/CE)
3.1.2 when using OXID eShop 5.1.x (EE) or 4.8.x (PE/CE)
3.0.3 when using OXID eShop 5.0.x (EE) or 4.7.x (PE/CE)

We will also publish a patched version of the OXID eFire Extension PayPal for OXID eShop 4.4.x to 4.6.x within the next week.

Please note:

If you refuse to proceed one of the solutions mentioned above, every payment via PayPal will fail from December 3rd onwards! This also applies for the PayPal Portlets in our cloud platform OXID eFire, which will not be altered. If you still run this method, please update to our standalone OXID eFire Extension as soon as possible. The extension can be found in OXID eXchange.

Releasing OXID eShop patches for all supported series, new ERP interface, creditPass module and PayPal module versions

We are happy to inform you that new patch releases for OXID eShop all supported versions and editions are available. Also, there are new versions of our generic SOAP-ERP connector as well as new Creditpass and PayPal modules.

OXID eShop version 4.7.14 (Community and Professional Edition) and OXID eShop 5.0.14 (Enterprise Edition)
This release will mark the end of life of this series: 4.7 and 5.0 will not be supported any longer, 4.7.14 and 5.0.14 will be the last patch for this series. This patch basically contains some security improvements, you will find all information about it in the release notes at OXIDforge.

OXID eShop version 4.8.8 (CE and PE) and OXID eShop 5.1.8 (EE)
This is just a regular patch release for the legacy branch. This patch contains some security improvements, please read all about the changes in the release notes at OXIDforge.

OXID eShop version 4.9.1 (CE and PE) and OXID eShop 5.2.1 (EE)
The first regular patch release for the 4.9/5.2 series that started just a month ago with 4.9.0/5.2.0. Some bug fixes, no changes in the templates. Please read the release notes.

ERP Connector 2.14.0
The ERP Connector, available for OXID eShop PE and EE, is now compatible to the OXID eShop series 4.9/5.2 database schema. It is available at OXID eXchange.

OXID eFire extension creditPass 3.0.1
There were some bug fixes made on the OXID eFire extension creditPass, also this module is now compatible to the new OXID eShop versions. The new version of this module is available at OXID eXchange as well.

OXID eFire extension PayPal 3.2.1
Have you heard about the poodlebleed bug in SSLv3? Well, this new module version addresses exactly this vulnerability and changes the encryption technology from SSL to the more secure TLS. Also, this new module version is compatible with the latest OXID eShop releases and can be downloaded from OXID eXchange. Additionally, we added the poodle fix to version 3.1.2 and 3.0.3.



Marco SteinhäuserIn e-commerce since 2000, working for OXID eSales since 2006 starting at support dept, taking care about OXID’s community management since October 2008. Father of three boys, passionate about i18n, l10n, guitar playing and archery. Get in touch.