Jump to content

Archived

This topic is now archived and is closed to further replies.

Harald Ponce de Leon

osCommerce and SSLv3 / Poodle

Recommended Posts

Hi All..

 

None of the modules bundled with our releases force curl to use a specific SSL version when communicating with service providers (eg, PayPal). Instead we leave it up to PHP/Curl to negotiate the best connection possible when connecting to servers.

 

Due to the recent SSLv3 / Poodle vulnerability, many service providers are disabling SSLv3 connections to their servers (eg, PayPal are in the process of doing this).

 

As none of our bundled modules force a specific SSL version to be used, no code changes are necessary and connections will continue to work when service providers have disabled SSLv3.

 

Kind regards,


:heart:, osCommerce

Share this post


Link to post
Share on other sites

Thanks Harald, that's very good to know. All of our clients are using the bundled PayPal modules, so they should be on the safe side.


What is the Matrix? The answer is out there, and it's looking for you, and it will find you if you want it to.

Share this post


Link to post
Share on other sites

I use a Pay Pal module by DEVosc that I found on these forums. I know very little about how all this stuff works, is there any hint on how to check the module to see if it will still work, like what to look for in the code? Or is there a place where I can hire someone to look through the module and see if it will still function?

Share this post


Link to post
Share on other sites

Why are you not using the bundled one developed by Harald?


What is the Matrix? The answer is out there, and it's looking for you, and it will find you if you want it to.

Share this post


Link to post
Share on other sites

At the time this was installed, the Devosc one worked brilliantly, it has never been changed. If my site's SSL is not the SSL 3.0, then shouldn't I be fine?

Share this post


Link to post
Share on other sites

Just switch to sandbox mode in the Devosc PayPal config settings (if available) and make a test order. The PayPal sandbox has already disabled SSL v3, so if the test order does not work, you know that you have a problem. In this case you can either have a developer fix your Devosc plugin or use one of the bundled ones Harald mentioned.


What is the Matrix? The answer is out there, and it's looking for you, and it will find you if you want it to.

Share this post


Link to post
Share on other sites

Hi All

 

I have a store running on ms2.2 secured by the recommended fixes and addons, been running a 16 months, with the paypal updates I was using the old non ipn default paypal module that comes already install with this version, I have disable it as I was unsure if it would be safe to use? , would this payment module be still safe to use any advice on the matter would be a big help.

 

I take with what Harald  mentioned It should be ok?

 

Kind Regards 


Using Bootstrap 8-)

Share this post


Link to post
Share on other sites

@@jamo32 The problem mentioned here is a server issue, not something in your shop. Run the test on the site mentioned above and if it fails, as, your host to fix it.

Share this post


Link to post
Share on other sites

Hi 

 

Thanks Jack I reinstalled the old paypal module and on a test order it worked ok , so all ok to use this module? I take it.


Using Bootstrap 8-)

Share this post


Link to post
Share on other sites

The module has nothing to do with the problem. Test your server using this page to see if there is a problem or not.

Share this post


Link to post
Share on other sites

×