Jump to content

Paypal update from SSL 3.0 to TLS


anne101

Recommended Posts

PayPal  Merchant Technical Services merchant centre contacted me today.  They said there is a  Poodle vulnerability issue so are cancelling SSL3.0 and changing to TLS on dec 3rd. They said I need to contact my ecommerce platform providers to ensure there is no problem. Is there anything which needs changing or adapting before this happens?

  • Like 1
Link to comment
Share on other sites

I think I managed to implement the solution for Prestashop 1.6.0.9, module PayPal v3.7.2 for Express checkout using API. I'm not sure whether this will work for everyone or not, but it seems to be working for me. Note that you need to test using SANDBOX where Paypal has implemented this new change and NOT testing using paypal live site. I could see the difference when testing using SANDBOX - i got an error message in my checkout initially when clicking 'pay with paypal' and after implementing this, i could go through the checkout successfully with no error page.

 

Based on this instruction: https://ppmts.custhelp.com/app/answers/detail/a_id/1191

I modified this file:

modules/paypal/api/paypal_connect.php

line 88 - change number 3 to 4 for CURLOPT_SSLVERSION:

from: @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

to @curl_setopt($ch, CURLOPT_SSLVERSION, 4);

 

IMPORTANT - You would need to TEST this using Paypal Sandbox to see if it's working for your site:

1. Create a sandbox business/merchant account: https://developer.paypal.com/webapps/developer/applications/accounts and insert the sandbox merchant API credentials in your prestashop paypal module config

2. Also in your paypal module config: Use a Sandbox > set to 'test mode'  - to activate sandbox

3. Clear your prestashop cache: performance > advanced parameters > smarty > force compilation & cache: No

4. Try going through checkout to test - if you can reach paypal page successfully, that means it seems to be working. Otherwise you wouldn't even reach paypal page and see an error message

5. Don't forget to revert everything back except for the paypal_connect.php file

6. Test your checkout again in live site environment to make sure everything works properly

  • Like 2
Link to comment
Share on other sites

Well, the changes will not be made until december 3, so testing now is a non sense.... My shop´s paypal as of today is working fine

 

Duh, that's why we are testing using SANDBOX as per Paypal instructions. Live site won't be affected until 3rd Dec, but Sandbox already has this change implemented for those who want to get prepared early.

Link to comment
Share on other sites

I think I managed to implement the solution for Prestashop 1.6.0.9, module PayPal v3.7.2 for Express checkout using API. I'm not sure whether this will work for everyone or not, but it seems to be working for me. Note that you need to test using SANDBOX where Paypal has implemented this new change and NOT testing using paypal live site. I could see the difference when testing using SANDBOX - i got an error message in my checkout initially when clicking 'pay with paypal' and after implementing this, i could go through the checkout successfully with no error page.

 

Based on this instruction: https://ppmts.custhelp.com/app/answers/detail/a_id/1191

I modified this file:

modules/paypal/api/paypal_connect.php

line 88 - change number 3 to 4 for CURLOPT_SSLVERSION:

from: @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

to @curl_setopt($ch, CURLOPT_SSLVERSION, 4);

 

IMPORTANT - You would need to TEST this using Paypal Sandbox to see if it's working for your site:

1. Create a sandbox business/merchant account: https://developer.paypal.com/webapps/developer/applications/accounts and insert the sandbox merchant API credentials in your prestashop paypal module config

2. Also in your paypal module config: Use a Sandbox > set to 'test mode'  - to activate sandbox

3. Clear your prestashop cache: performance > advanced parameters > smarty > force compilation & cache: No

4. Try going through checkout to test - if you can reach paypal page successfully, that means it seems to be working. Otherwise you wouldn't even reach paypal page and see an error message

5. Don't forget to revert everything back except for the paypal_connect.php file

6. Test your checkout again in live site environment to make sure everything works properly

 

Hi, thanks for sharing. I have changed the "3" to "4" from the paypal_connect

 

When i checked out from website as customer after the above modification, i could enter paypal page and proceed with payment as usual. However, when i tested website to check out from sandbox mode, i have issue to pay. It will never lead me to paypal page at all. Is that normal and fine? Because i could still receive payment on Live Mode.

Please advise and share with me if there is anything i have missed out during modification. Thank you

Link to comment
Share on other sites

Just found this email for one site I look after...
    
Prestashop version: 1.4.7.3
PayPal module: v2.8.6

Live site is fine for now... naturally, so tested in Sandbox mode and receive the following error:

    PayPal response:
    TIMESTAMP -> 2014-11-12T15:14:56Z
    L_ERRORCODE0 -> 10002
    L_SHORTMESSAGE0 -> Security error
    L_LONGMESSAGE0 -> Security header is not valid
    L_SEVERITYCODE0 -> Error
    PayPal returned error
    

Taking a look at /modules/paypal/api/paypal_connect.php  I can't find the line:

    @curl_setopt($ch, CURLOPT_SSLVERSION, 3);


Closest I can see is one of these:


    @curl_setopt($ch, CURLOPT_POST, true);
    @curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
    @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    @curl_setopt($ch, CURLOPT_HEADER, false);
    @curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    @curl_setopt($ch, CURLOPT_VERBOSE, true);


In another site I manage Prestashop version: 1.5.3.1 & PayPal module: v3.5.5 I CAN see the line:

    @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

    
So, I'm thinking... do I add the following line to the Prestashop version: 1.4.7.3 site and amend the Prestashop version: 1.5.3.1 one which does have the line to 4:

    @curl_setopt($ch, CURLOPT_SSLVERSION, 4);
    

Hope that makes sense... just thought I'd put this out there to see what the gurus think... I don't want to break anything :)

Link to comment
Share on other sites

This line. as it is in the last stable version of the Paypal module,

@curl_setopt($ch, CURLOPT_SSLVERSION, 3);

will curently work with Live Mode but not with Test mode. Thats because SSL3 is already deacivated in the Test Mode from Paypal. From the 3rd of december on SSL3 will also be deactivated in Live Mode and replaced with TLS.

 

There are several solutions to make the Test Mode work. One of them is to replace this above line with

@curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_DEFAULT);

I cant tell you if this solution is also applicable for the Live Mode from the 3.12 onwards.

 

As tuk66 mentioned, deleting the whole line, should force the module to use auto-negotiation of the SSL version.

 

Also to mention is that "CURLOPT_SSLVERSION, 4" will not work on some old php/curl versions. So be aware of this.

 

But indeed the PrestaShop team should give some input here.

 

 

EDIT:

Just had a look at the PayPal github page, and it seems like they just released an update for the API LINK.

They are using from now on these lines:

CURLOPT_SSL_CIPHER_LIST, TLSv1
CURLOPT_SSLVERSION, 1

There is also a merchant guide for this issue handed out by Paypal LINK

And a topic in the PayPal subforum here on Prestashop LINK

 

And a link to the solution page from PayPal LINK all fixes are mentioned here.

Edited by thepan (see edit history)
  • Like 2
Link to comment
Share on other sites

I'm using PS 1.5.6.2 and PayPal module version 3.6.6 (3.6.5 on another shop)

 

So, should I use this new code on my PayPal API?

 

new code in red.

 

@curl_setopt($ch, CURLOPT_POST, true);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_SSLVERSION, 1);
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
@curl_setopt($ch, CURLOPT_VERBOSE, true);
Link to comment
Share on other sites

Hi, thanks for sharing. I have changed the "3" to "4" from the paypal_connect

 

When i checked out from website as customer after the above modification, i could enter paypal page and proceed with payment as usual. However, when i tested website to check out from sandbox mode, i have issue to pay. It will never lead me to paypal page at all. Is that normal and fine? Because i could still receive payment on Live Mode.

Please advise and share with me if there is anything i have missed out during modification. Thank you

 

Hi Meimeisi,

 

Did you change 2 things when testing?

 

Change these 2 things in your prestashop paypal module config:

 

1. You have to use a sandbox merchant account API instead of using your real API when testing.

Create a sandbox merchant account - and insert the API credentials into the paypal module:

https://developer.paypal.com/docs/classic/lifecycle/sb_create-accounts/

 

2. Use a Sandbox > set to 'test mode'

 

Then try ordering something, and see if the error is still there.

Link to comment
Share on other sites

Hi all,

In the paypal_connect.php file commented out the SSL line as below.

Sandbox and live tested and everything seems ok.

Hope this helps

 

@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
/*@curl_setopt($ch, CURLOPT_SSLVERSION, 3);*/
@curl_setopt($ch, CURLOPT_VERBOSE, false);

 

 

  • Like 1
Link to comment
Share on other sites

 

I'm using PS 1.5.6.2 and PayPal module version 3.6.6 (3.6.5 on another shop)

 

So, should I use this new code on my PayPal API?

 

new code in red.

 

 
@curl_setopt($ch, CURLOPT_POST, true);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_SSLVERSION, 1);
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
@curl_setopt($ch, CURLOPT_VERBOSE, true);

 

could someone assist for this? thank you.

Link to comment
Share on other sites

Hi,

 

I just fired up my test shop which hasn't been touched in months 1.5.6.1 paypal 3.6.1 and payments to sandbox weren't working. Changed the file with:

@curl_setopt($ch, CURLOPT_SSLVERSION, 1);

@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
 
Now Sandbox test payments working again.
Changed site to Live and live credentials and still works :)
 
If it's any help to anyone.
  • Like 1
Link to comment
Share on other sites

 

Hi,

 

I just fired up my test shop which hasn't been touched in months 1.5.6.1 paypal 3.6.1 and payments to sandbox weren't working. Changed the file with:

@curl_setopt($ch, CURLOPT_SSLVERSION, 1);

@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
 
Now Sandbox test payments working again.
Changed site to Live and live credentials and still works :)
 
If it's any help to anyone.

 

Cool!! Thanks for the information.

 

I did that too and both live and sandbox test are working. The website could direct me to paypal page for checkout.

Thank you so much.

Link to comment
Share on other sites

 

Hi all,

In the paypal_connect.php file commented out the SSL line as below.

Sandbox and live tested and everything seems ok.

Hope this helps

 

@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
/*@curl_setopt($ch, CURLOPT_SSLVERSION, 3);*/
@curl_setopt($ch, CURLOPT_VERBOSE, false);

 

i tried this earlier but it does not work for my shop.

Link to comment
Share on other sites

Hi Meimeisi,

 

Did you change 2 things when testing?

 

Change these 2 things in your prestashop paypal module config:

 

1. You have to use a sandbox merchant account API instead of using your real API when testing.

Create a sandbox merchant account - and insert the API credentials into the paypal module:

https://developer.paypal.com/docs/classic/lifecycle/sb_create-accounts/

 

2. Use a Sandbox > set to 'test mode'

 

Then try ordering something, and see if the error is still there.

 

Hi, i have no idea of that. But both of live mode and sandbox mode are working perfectly. I have changed the file as follow (red).

Thank you

 

@curl_setopt($ch, CURLOPT_POST, true);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_SSLVERSION, 1);
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
@curl_setopt($ch, CURLOPT_VERBOSE, true);
Link to comment
Share on other sites

So if I place this code: 

@curl_setopt($ch, CURLOPT_SSLVERSION, 1);

@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

 

 

In the space of the code bellow, I fix the problem?:: 

 

curl_setopt($ch, CURLOPT_VERBOSE, 0);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

 

 

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS, 'PARTNER='.urlencode(Configuration::get('PAYPAL_USA_MANAGER_PARTNER')).'&VENDOR='.urlencode

Edited by Anthony DeLa Riviere (see edit history)
Link to comment
Share on other sites

Hi all!

 

2 options:

 

1-wait for a paypal module update

2-follow the instruction given on the links inside the message sent by paypal (need an expert for this)

 

Option #1 is the best option, as we will make an update available for the PayPal module early next week. It's being developed as we speak.

 

Option #2 might work for the most skilled but we seriously advide that you wait for our update.

 

Thanks!

  • Like 2
Link to comment
Share on other sites

Hi all!

 

 

Option #1 is the best option, as we will make an update available for the PayPal module early next week. It's being developed as we speak.

 

Option #2 might work for the most skilled but we seriously advide that you wait for our update.

 

Thanks!

That's awesome. However i am afraid of the new bug for new paypal module. So can i check with you if i would be fine to stick with old module with new api content as follows?

 

new code in red.

 

 
@curl_setopt($ch, CURLOPT_POST, true);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_SSLVERSION, 1);
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
@curl_setopt($ch, CURLOPT_VERBOSE, true);

 

It works fine for me. Hope to hear from you soon.

 

Thank you

Link to comment
Share on other sites

Hi,

 

I got same email from Paypal. We're on PrestaShop™ 1.5.6.0 and was wondering if changing from 3 to 4 on the fix mentioned above will start working on live from now. Even tough they haven't removed 3.0 from live yet does it work with 4 already?

Anyone tried this fix on 1.5.6.0?

 

Thanks

 

I tried this on Prestashop 1.5.4 (test and real mode) and 1.6 (test mode), it works good :

 

In modules\paypal\api\paypal_connect.php

replace line 84

-- @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

by

++ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

Link to comment
Share on other sites

Does someone knows about the PayPal Pro module wich accepts credit cards on the merchant website instead of redirecting to PayPal website?  Do we have to replace code?

 

We have looked in the PayPal Pro module's code and can't find any occurence of "CURLOPT_SSLVERSION" to replace.

 

We have searched on PrestaShop Addons to see if there is an updated version and the module doesn't seem to be there anymore.

 

Anyone got a clue on this?

 

Thank you

Link to comment
Share on other sites

Hi everybody, 

Thank you for your interest in our module.

 

We have seen recently the following problem:

 the SSL v3 issue (also known as POODLE) was identified on October 14, PayPal has been hard at work to mitigate any potential impact to our customers and has thus decided to completely disable SSL 3.0 support on December 3, 2104 at 12:01 a.m. Pacific Standard Time.

 

POODLE is an internet security vulnerability that impacts the Secure Sockets Layer (SSL) 3.0 protocol, which was designed to ensure secure connections when surfing on the Internet.

 

As a consequence all PayPal merchant customers using PrestaShop will need to update their PayPal integration by upgrading their PayPal module on PrestaShop before December 3rd, 2014 in order to disable SSL 3.0 for their client interactions.

 

This update will be available on Tuesday November 18th, 2014 on Addons (version 3.8.0 to come).

Please make sure to upgrade your module on the latest version once available.

 

If you do not upgrade your PayPal module on PrestaShop by this date, you may face interruptions to your ability to accept payments with PayPal.
 
To make sure your integration is protected against this vulnerability and to keep accepting PayPal payments beyond this date, you need to upgrade your PayPal module to version 3.8.0 by following these steps: 
 
 
Users of version 1.5 and 1.6 of PrestaShop

1. Go to PrestaShop back office in the list of modules installed

2. Click on the « Update it » button next to PayPal module  

 
en-pp1.png
 
The upgrade to version 3.8.0 will then complete.  If it doesn’t, please follow the steps below. 
 
Users of version 1.4 of PrestaShop
 

1. Go to the PrestaShop Addons website  and download the latest version of the PayPal module (version 3.8.0)

2. You need to carry out a manual update of the module. Please go to the “Modules” section in the Back Office of your store 

3. Click on “Upload the module from your computer” , you should get the screen below: 

 

 

en-pp.png

 

4. Insert the downloaded file in zip format

5. Click on « Upload this module »

The upgrade to version 3.8.0 will then complete.

 

We make every effort to help you as quickly as possible and we apologize for any inconvenience due to this problem.

 

Regards, 

202 ecommerce.

  • Like 2
Link to comment
Share on other sites

Hi,

I'm using prestashop 1.4.4.1 for my web store www.waterfilterforfridge.com.au and I'm using Paypal as the payment system for my online store.

 

However, they will disable the SSL 3.0 in December and I need to update SSL3.0 to TLS.

 

I read through forums and found out that there are 2 ways to solve this problem.

 

option #1. wait for the new version of paypal to be released (released on tuesday 18th november)

option #2. manually develop your older version of paypal to TLS.

 

I'm not a developer, so I avoid going through option #2, even with any guides provided with paypal. (they provided with pdf file guide lines but I have no knowledge in developing modules.)

 

Therefore I've waited the new version of paypal module to release and they only released the EUROPE version of paypal (3.8.0).

 

My webstore is based in Australia (Oceania) and if I use the Europe version of Paypal 3.8.0, I was told by Paypal that I may have to provide necessary information like your Australia account in order to verify my account. In example Social numbers, Confirm my bank account and others.

 

They said it's best to contact Prestashop, as the module was prepared by Prestashop.

 

I was wondering if they are going to release the module for Australia (Oceania) soon? or What are my options now?

 

Can anybody advice me?

 

Thanks.

 

Regards,

 

Reina.

  • Like 1
Link to comment
Share on other sites

Currently using PayPal module 3.4.1 Prestashop version 1.5.2 

I'm not seeing an  update button on the pay pal module and I didn't see the paypal module in addons.

I see the one for PayPal Europe   but not an update for those of us not in Europe using the generic module just named PayPal module. Where do I get the update?

  • Like 3
Link to comment
Share on other sites

Sorry maybe I am out of topic.

There is some one can provide me a zip file paypal module 3.4.4 or link for download please?

I had before the 3.4.4. version, I updated to 3.7.2 first and after to 3.8, but i am having problem with 

 

PHP Fatal error: Call to a member function getPageLink() on a non-object in /home/xxxxxx/public_html/classes/Mail.php on line 251

 

I tried to fix this problem without succesful and therefore I wanna restore the old paypal module version but it's not simple find it on internet.

 

my p mail is zucca25 at hotmail dot com

 

thank you in advance

Link to comment
Share on other sites

I use Prestashop 1.4.4.1 after you upgrade of Paypal Module to version 3.8.0 I find the following notice in modules tab:

 

" - PayPal - In order to use the module you need to install the backward compatibility"

 

how can I fix it? I don't know if I've problems with transactions

thanks

Link to comment
Share on other sites

Post #49 stated

This update will be available on Tuesday November 18th, 2014 on Addons (version 3.8.0 to come).

Please make sure to upgrade your module on the latest version once available.

 

If you do not upgrade your PayPal module on PrestaShop by this date, you may face interruptions to your ability to accept payments with PayPal.
 
To make sure your integration is protected against this vulnerability and to keep accepting PayPal payments beyond this date, you need to upgrade your PayPal module to version 3.8.0 by following these steps: 
 
 
Users of version 1.5 and 1.6 of PrestaShop

1. Go to PrestaShop back office in the list of modules installed

2. Click on the « Update it » button next to PayPal module  

 
en-pp1.png
 
 
 
 
It is now Nov 21 and I still don't see this update.  When will this be available for the PayPal module - i only see the paypal europe module
I really don't like to modify the code my self
  • Like 1
Link to comment
Share on other sites

Hi all,

 

Same problem here, I have received a message from paypal and from Prestashop that advise me to upgrade the paypal module, I see there is an upgraded version 3.8.0 of the module on prestashop addons but there is no update button in prestashop backoffice. I have Prestashop version 1.6.0.9 and Paypal module version 3.7.2. It may be fortuity but since I upgrade Prestashop from version 1.6.0.5 to 1.6.0.9 I haven't received module updates any more. Perhaps a bug or something else? I need to update my Paypal module manually?

 

Thanks for help and replies

 

brennino

 

 

 

Post #49 stated

This update will be available on Tuesday November 18th, 2014 on Addons (version 3.8.0 to come).

Please make sure to upgrade your module on the latest version once available.

 

If you do not upgrade your PayPal module on PrestaShop by this date, you may face interruptions to your ability to accept payments with PayPal.
 
To make sure your integration is protected against this vulnerability and to keep accepting PayPal payments beyond this date, you need to upgrade your PayPal module to version 3.8.0 by following these steps: 
 
 
Users of version 1.5 and 1.6 of PrestaShop

1. Go to PrestaShop back office in the list of modules installed

2. Click on the « Update it » button next to PayPal module  

 
en-pp1.png
 
 
 
 
It is now Nov 21 and I still don't see this update.  When will this be available for the PayPal module - i only see the paypal europe module
I really don't like to modify the code my self

 

Link to comment
Share on other sites

Hi! I have version 1.4.9 ... someone who has this version has already tried to make the changes recommended by paypal?
 
Users of version 1.4 of PrestaShop
1- Go to the PrestaShop Addons website and download the latest version of the PayPal module (version 3.8.0)
 
2- You need to carry out a manual update of the module. Please go to the “Modules” section in the Back Office of your store
 
3- Click on “Upload the module from your computer”
 
4- Insert the downloaded file in zip format
 
5- Click on « Upload this module »
 
The upgrade to version 3.8.0 will then complete. 
 
 
Thanks  :) 

Edited by elfetta84 (see edit history)
Link to comment
Share on other sites

Ho installato la Paypal 3.8.0 e utilizzo PS 1.4.4.1

 

a quanto ho capito questo aggiornamento di Paypal si porta dietro un bug naco con aggiornamento 3.6 e mai risolto che noi che utilizziamo Prestashop 1.4 non avevamo. Il probema è serio, perchè con questo nuovo aggiornamento si offrono le spedizioni gratis a random. Se ne parla qui

http://www.prestashop.com/forums/topic/311094-problemi-col-campo-provincia-quando-si-iscrive-un-cliente/

 

Spero si risolva, nel giro di 2 giorni ho dato via già 2 spedizioni "omaggio" senza alcuna promozione in corso  :wacko:

Link to comment
Share on other sites

Hi everyone,

 

I'm kind of lost here.  I am using Paypal USA Canada module 1.3.4 (on PS 1.6.0.8) and I can't find the API folder everyone is referring to. (There is no such folder in the module)  I received an email directly from Paypal informing me that my shop WILL BE affected on December 3rd.  Yet I can't find anywhere a fix for my module.

I prefer NOT to upgrade my module because everytime I did in the past, it was a total mess.

 

Please help !!!

 

Carly

Link to comment
Share on other sites

The following code is the closest to the one everyone is talking about and it's located in my Paypal.php file.  Can anyone let me know what I should be changing or adding ?  I also saw this code in other files in the module - should I be changing those as well?

 

Thanks in advance

 

$ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, 'https://api-3t..(Configuration::get(PAYPAL_USA_SANDBOX') ? 'sandbox.' : '').'paypal.com/nvp');
  curl_setopt($ch, CURLOPT_VERBOSE, 0);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_POSTFIELDS, 'METHOD='.urlencode($method_name).'&VERSION=98&PWD='.urlencode(Configuration::get('PAYPAL_USA_API_PASSWORD')).'&USER='.urlencode(Configuration::get('PAYPAL_USA_API_USERNAME')).'&SIGNATURE='.urlencode(Configuration::get('PAYPAL_USA_API_SIGNATURE')).$params.'&BUTTONSOURCE=PrestashopUS_Cart');
  $response = curl_exec($ch);
  curl_close($ch);

Link to comment
Share on other sites

Thanks KevinNash for your reply.

 

The link you are referring to clearly saids that the Paypal USA module hasn't been checked yet.

 

I don't understand then that Paypal would send me the email to update my connection if there is no issue.  I really think there is.

 

Unfortunately, it seems to me that because less people use the Paypal USA Canada module (vs. the Europe one), it is less of a priority.  We're 10 days away from the date that the Paypal module might become unusable and it's a critical part of the website.  I find it a little alarming that there is no clear answer. 

 

If anyone has some info - Please help !

Link to comment
Share on other sites

I tried this on Prestashop 1.5.4 (test and real mode) and 1.6 (test mode), it works good :

 

In modules\paypal\api\paypal_connect.php

replace line 84

-- @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

by

++ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

my modification

 

            @curl_setopt($ch, CURLOPT_POST, true);

            @curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

            @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

            @curl_setopt($ch, CURLOPT_HEADER, false);

            @curl_setopt($ch, CURLOPT_TIMEOUT, 30);

            @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

            @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

            @curl_setopt($ch, CURLOPT_SSLVERSION, 1);

            @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

            @curl_setopt($ch, CURLOPT_VERBOSE, true);

 

So far seems ok.

  • Like 1
Link to comment
Share on other sites

Hello,

 

The PayPal USA module is not impacted by Poodle. All PrestaShop merchants using the PayPal USA module can ignore the alert we issued for the PayPal Europe module.

 

PayPal USA does not force the use of SSL v3. So whatever your config is, you're good :)

hi, am i fine without upgrading the paypal module but i changed my paypal api as follow,

 

            @curl_setopt($ch, CURLOPT_POST, true);

            @curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

            @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

            @curl_setopt($ch, CURLOPT_HEADER, false);

            @curl_setopt($ch, CURLOPT_TIMEOUT, 30);

            @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

            @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

            @curl_setopt($ch, CURLOPT_SSLVERSION, 1);

             @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

            @curl_setopt($ch, CURLOPT_VERBOSE, true);

 

Please advise.

Link to comment
Share on other sites

I have 2 websites with prestashop version 1.5.6.2 and 1.3.1.1.

 

On 1.5.6.2 I updated my paypal module to 3.8 just like it was mentioned on Paypal's email. So now am I done? Is there anything else to do?

 

On 1.3.1.1 I am using paypalAPI version 1 and I have an option of Paypal version 1.6. Now on this website, what should I do? Paypal 3.8 is not compatible with version 1.3.1.1 to upgrade the module.

Link to comment
Share on other sites

it's the 26th Nov and I still cannot see ay update module available in my backend.

I am not a tech and would like to just update the module provide by Prestashop.

Can someone please let me know when is it available?

 

I went to the add on shop but only the Europe version is available!!

 

my prestashop version is 1.5.4.1

 

thanks ...it's getting close to 3rd Dec now...

Link to comment
Share on other sites

I went to the add on shop but only the Europe version is available!!

 

And only the PayPal Europe module is impacted :)

 

Hello,

 

The PayPal USA module is not impacted by Poodle. All PrestaShop merchants using the PayPal USA module can ignore the alert we issued for the PayPal Europe module.

 

PayPal USA does not force the use of SSL v3. So whatever your config is, you're good :)

Link to comment
Share on other sites

good morning to all,

This message has not arrived to my shops that use the module in version v1.7.1.

Where the file code is as follows:

$this->_logs[] = $this->l('Connect with CURL method sucessfull');
			$this->_logs[] = '<b>'.$this->l('Sending this params:').'</b>';
			$this->_logs[] = $body;
			@curl_setopt($ch, CURLOPT_URL, 'https://'.$url);
			@curl_setopt($ch, CURLOPT_POST, true);
			@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
			@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
			@curl_setopt($ch, CURLOPT_HEADER, false);
			@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
			@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
			@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
			@curl_setopt($ch, CURLOPT_VERBOSE, true);
			$result = @curl_exec($ch);
			if (!$result)
				$this->_logs[] = $this->l('Send with CURL method failed ! Error:').' '.curl_error($ch);
			else
				$this->_logs[] = $this->l('Send with CURL method sucessfull');
			@curl_close($ch);


This variation TSL also affects older versions of Prestashop?

 
In this case what should I change?
Why it is not possible at this time to perform an update module of prestashop 1 .3

Thank you for your help

Link to comment
Share on other sites

good morning to all,

 

This message has not arrived to my shops that use the module in version v1.7.1.

 

Where the file code is as follows:

$this->_logs[] = $this->l('Connect with CURL method sucessfull');
			$this->_logs[] = '<b>'.$this->l('Sending this params:').'</b>';
			$this->_logs[] = $body;
			@curl_setopt($ch, CURLOPT_URL, 'https://'.$url);
			@curl_setopt($ch, CURLOPT_POST, true);
			@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
			@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
			@curl_setopt($ch, CURLOPT_HEADER, false);
			@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
			@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
			@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
			@curl_setopt($ch, CURLOPT_VERBOSE, true);
			$result = @curl_exec($ch);
			if (!$result)
				$this->_logs[] = $this->l('Send with CURL method failed ! Error:').' '.curl_error($ch);
			else
				$this->_logs[] = $this->l('Send with CURL method sucessfull');
			@curl_close($ch);

This variation TSL also affects older versions of Prestashop?

 
In this case what should I change?

Why it is not possible at this time to perform an update module of prestashop 1 .3

Thank you for your help

Your version not uses the sslv3 protocol, no changes required.

Link to comment
Share on other sites

Hi,

 

I'm using 1.4.7.0 with "paypal with fees" modul. Could you check please if i need to change something on paypalconnect.php ?

I can't find those lines to change mentioned here:

http://www.prestashop.com/forums/topic/380185-paypal-modification-ssl-v3-to-tls/

 

Thanks

 

 

 

<?php

class PayPalConnect extends Paypal
{
    private    $_logs = array();

    public function makeConnection($host, $script, $body, $simple_mode = false)
    {
        $this->_logs[] = $this->l('Making new connection to').' \''.$host.$script.'\'';
        if (function_exists('curl_exec'))
            $return = $this->_connectByCURL($host.$script, $body);
        if (isset($return) AND $return)
            return $return;
        $tmp = $this->_connectByFSOCK($host, $script, $body);
        if (!$simple_mode || !preg_match('/[A-Z]+=/', $tmp, $result))
            return $tmp;
        $pos = strpos($tmp, $result[0]);
        $body = substr($tmp, $pos);
        return $body;
    }

    public function getLogs()
    {
        return $this->_logs;
    }

    /************************************************************/
    /********************** CONNECT METHODS **********************/
    /************************************************************/

    private function _connectByCURL($url, $body)
    {
        $ch = @curl_init();
        if (!$ch)
            $this->_logs[] = $this->l('Connect failed with CURL method');
        else
        {
            $this->_logs[] = $this->l('Connect with CURL method successful');
            $this->_logs[] = '<b>'.$this->l('Sending this params:').'</b>';
            $this->_logs[] = $body;

            @curl_setopt($ch, CURLOPT_POST, true);
            @curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
            @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            @curl_setopt($ch, CURLOPT_HEADER, false);
            @curl_setopt($ch, CURLOPT_TIMEOUT, 30);
            @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
            @curl_setopt($ch, CURLOPT_VERBOSE, true);
            $result = @curl_exec($ch);
            if (!$result)
                $this->_logs[] = $this->l('Send with CURL method failed ! Error:').' '.curl_error($ch);
            else
                $this->_logs[] = $this->l('Send with CURL method successful');
            @curl_close($ch);
        }
        return (isset($result) ? $result : false);
    }

    private function _connectByFSOCK($host, $script, $body)
    {

        if (!$fp)
            $this->_logs[] = $this->l('Connect failed with fsockopen method');
        else
        {
            $header = $this->_makeHeader($host, $script, strlen($body));
            $this->_logs[] = $this->l('Connect with fsockopen method successful');
            $this->_logs[] = $this->l('Sending this params:').' '.$header.$body;
            @fputs($fp, $header.$body);
            $tmp = '';
            while (!feof($fp))
                $tmp .= trim(fgets($fp, 1024));
            fclose($fp);
            $result = $tmp;
            if (!$result)
                $this->_logs[] = $this->l('Send with fsockopen method failed !');
            else
                $this->_logs[] = $this->l('Send with fsockopen method successful');
        }
        return (isset($result) ? $result : false);
    }

    private function _makeHeader($host, $script, $lenght)
    {
        $header =    'POST '.strval($script).' HTTP/1.0'."\r\n" .
                    'Host: '.strval($host)."\r\n".
                    'Content-Type: application/x-www-form-urlencoded'."\r\n".
                    'Content-Length: '.(int)($lenght)."\r\n".
                    'Connection: close'."\r\n\r\n";
        return $header;
    }
}
 

Edited by arimer (see edit history)
Link to comment
Share on other sites

i have done the changes below, everything is fine

 

                        1.2.1 First change

 

Find the line :

 

@curl_setopt($ch, CURLOPT_SSLVERSION, 3);

 

Remove this line or you could choose to replace this line with this new line below :

 

@curl_setopt($ch,CURLOPT_SSLVERSION, defined(CURL_SSLVERSION_TLSv1) ? CURL_SSLVERSION_TLSv1 : 1);

 

cap3.png

Edited by meimeisi (see edit history)
Link to comment
Share on other sites

  • 4 weeks later...

Hello.

Having: prestashop v. 1.6.0.9 ; paypal module v. 3.8.1; and hosting www.altervista.org

 

Altervista seems using connection of protocol TLS 1.0 and I have created 

 

I can't obtain payment with paypal (both full option and express checkout) in my test experiments using both Google Chrome and Mozilla Firefox browser.

 

The razon is: "this page includes script from unauthenticated source" with a grey shield in the left part of browser bar.

 

I try to uninstall the paypal module, and reinstall it, but the same issue. I try to change the permission for folders, subfolders and files of paypal module, but the same issue.  

 

My ecommerce site is under construction and in october I try to use paypal module without SSL (unable at that period on my hosting platform) and I haven't had problem. All was positive. Now I have the errors descripted above.

 

Please could anyone help me for that horrible problem? I thought to start my ecommerce in January but now I am very downhearted.

 

Thanks in advance. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...