Jump to content
anne101

Paypal update from SSL 3.0 to TLS

Recommended Posts

PayPal  Merchant Technical Services merchant centre contacted me today.  They said there is a  Poodle vulnerability issue so are cancelling SSL3.0 and changing to TLS on dec 3rd. They said I need to contact my ecommerce platform providers to ensure there is no problem. Is there anything which needs changing or adapting before this happens?

  • Like 1

Share this post


Link to post
Share on other sites

Might be a good idea from some at Prestashop to let everyone know whether PayPal disabling SSL 3.0 is going to have an impact on the PayPal module. It's going to be disabled on the 3rd December.

Edited by Pete Nice (see edit history)
  • Like 2

Share this post


Link to post
Share on other sites

Thanks for your replies. If prestashop do not reply to email I might try to call them. Cheers Anne

Share this post


Link to post
Share on other sites

I think I managed to implement the solution for Prestashop 1.6.0.9, module PayPal v3.7.2 for Express checkout using API. I'm not sure whether this will work for everyone or not, but it seems to be working for me. Note that you need to test using SANDBOX where Paypal has implemented this new change and NOT testing using paypal live site. I could see the difference when testing using SANDBOX - i got an error message in my checkout initially when clicking 'pay with paypal' and after implementing this, i could go through the checkout successfully with no error page.

 

Based on this instruction: https://ppmts.custhelp.com/app/answers/detail/a_id/1191

I modified this file:

modules/paypal/api/paypal_connect.php

line 88 - change number 3 to 4 for CURLOPT_SSLVERSION:

from: @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

to @curl_setopt($ch, CURLOPT_SSLVERSION, 4);

 

IMPORTANT - You would need to TEST this using Paypal Sandbox to see if it's working for your site:

1. Create a sandbox business/merchant account: https://developer.paypal.com/webapps/developer/applications/accounts and insert the sandbox merchant API credentials in your prestashop paypal module config

2. Also in your paypal module config: Use a Sandbox > set to 'test mode'  - to activate sandbox

3. Clear your prestashop cache: performance > advanced parameters > smarty > force compilation & cache: No

4. Try going through checkout to test - if you can reach paypal page successfully, that means it seems to be working. Otherwise you wouldn't even reach paypal page and see an error message

5. Don't forget to revert everything back except for the paypal_connect.php file

6. Test your checkout again in live site environment to make sure everything works properly

  • Like 2

Share this post


Link to post
Share on other sites

Ok. Great thanks for your help! I will try it and let you know if it works for me.

 

Cheers

Anne

  • Like 1

Share this post


Link to post
Share on other sites

Well, the changes will not be made until december 3, so testing now is a non sense.... My shop´s paypal as of today is working fine

 

Duh, that's why we are testing using SANDBOX as per Paypal instructions. Live site won't be affected until 3rd Dec, but Sandbox already has this change implemented for those who want to get prepared early.

Share this post


Link to post
Share on other sites

I have not tried it yet. But paypal has removed SSL3.0 from sandbox. This means TLS can be tested now to ensure any changes you make work correctly

Share this post


Link to post
Share on other sites

Hi, this is my Paypal config page on my site, its all jumbled up, always has been. Do I have a Sandbox option? Live mode accepts payment now, test mode doesnt at all - will this work when things change?

 

 

 

1119-3262.jpg

Share this post


Link to post
Share on other sites

Which version of ps are you using?

Sandbox is the test mode, so if you cannot use it, it probably means that you are affected by the paypal message. Which version of paypal module are you using?

Share this post


Link to post
Share on other sites

I think the really needed action is just to remove this option:

 

@curl_setopt($ch, CURLOPT_SSLVERSION, 3);

 

and it doesn't occur in very old versions of the PayPal module.

Share this post


Link to post
Share on other sites

There are more PayPal modules. Just search for CURLOPT_SSLVERSION

  • Like 1

Share this post


Link to post
Share on other sites

Hi,

 

I got same email from Paypal. We're on PrestaShop™ 1.5.6.0 and was wondering if changing from 3 to 4 on the fix mentioned above will start working on live from now. Even tough they haven't removed 3.0 from live yet does it work with 4 already?

Anyone tried this fix on 1.5.6.0?

 

Thanks

Share this post


Link to post
Share on other sites

You force CURL to use one of SSL/TLS versions when you have set CURLOPT_SSLVERSION.

 

To my mind, after removing this option, the server will find its way together with PayPal. No longer a problem.

Edited by tuk66 (see edit history)

Share this post


Link to post
Share on other sites

i am currently using PS1.5.4 with paypal 3.5.5

could anyone assist how should i manage the setting? 

thank you so much

Share this post


Link to post
Share on other sites

I think I managed to implement the solution for Prestashop 1.6.0.9, module PayPal v3.7.2 for Express checkout using API. I'm not sure whether this will work for everyone or not, but it seems to be working for me. Note that you need to test using SANDBOX where Paypal has implemented this new change and NOT testing using paypal live site. I could see the difference when testing using SANDBOX - i got an error message in my checkout initially when clicking 'pay with paypal' and after implementing this, i could go through the checkout successfully with no error page.

 

Based on this instruction: https://ppmts.custhelp.com/app/answers/detail/a_id/1191

I modified this file:

modules/paypal/api/paypal_connect.php

line 88 - change number 3 to 4 for CURLOPT_SSLVERSION:

from: @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

to @curl_setopt($ch, CURLOPT_SSLVERSION, 4);

 

IMPORTANT - You would need to TEST this using Paypal Sandbox to see if it's working for your site:

1. Create a sandbox business/merchant account: https://developer.paypal.com/webapps/developer/applications/accounts and insert the sandbox merchant API credentials in your prestashop paypal module config

2. Also in your paypal module config: Use a Sandbox > set to 'test mode'  - to activate sandbox

3. Clear your prestashop cache: performance > advanced parameters > smarty > force compilation & cache: No

4. Try going through checkout to test - if you can reach paypal page successfully, that means it seems to be working. Otherwise you wouldn't even reach paypal page and see an error message

5. Don't forget to revert everything back except for the paypal_connect.php file

6. Test your checkout again in live site environment to make sure everything works properly

 

Hi, thanks for sharing. I have changed the "3" to "4" from the paypal_connect

 

When i checked out from website as customer after the above modification, i could enter paypal page and proceed with payment as usual. However, when i tested website to check out from sandbox mode, i have issue to pay. It will never lead me to paypal page at all. Is that normal and fine? Because i could still receive payment on Live Mode.

Please advise and share with me if there is anything i have missed out during modification. Thank you

Share this post


Link to post
Share on other sites

live mode has not yet been discontinued, only sandbox test mode, so i think that the problem is still on...on your module...

 

hi, may i know if there is something i could do? i have modified the "3" to "4" from paypal_connect

Share this post


Link to post
Share on other sites

Just found this email for one site I look after...
    
Prestashop version: 1.4.7.3
PayPal module: v2.8.6

Live site is fine for now... naturally, so tested in Sandbox mode and receive the following error:

    PayPal response:
    TIMESTAMP -> 2014-11-12T15:14:56Z
    L_ERRORCODE0 -> 10002
    L_SHORTMESSAGE0 -> Security error
    L_LONGMESSAGE0 -> Security header is not valid
    L_SEVERITYCODE0 -> Error
    PayPal returned error
    

Taking a look at /modules/paypal/api/paypal_connect.php  I can't find the line:

    @curl_setopt($ch, CURLOPT_SSLVERSION, 3);


Closest I can see is one of these:


    @curl_setopt($ch, CURLOPT_POST, true);
    @curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
    @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    @curl_setopt($ch, CURLOPT_HEADER, false);
    @curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    @curl_setopt($ch, CURLOPT_VERBOSE, true);


In another site I manage Prestashop version: 1.5.3.1 & PayPal module: v3.5.5 I CAN see the line:

    @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

    
So, I'm thinking... do I add the following line to the Prestashop version: 1.4.7.3 site and amend the Prestashop version: 1.5.3.1 one which does have the line to 4:

    @curl_setopt($ch, CURLOPT_SSLVERSION, 4);
    

Hope that makes sense... just thought I'd put this out there to see what the gurus think... I don't want to break anything :)

Share this post


Link to post
Share on other sites

CURLOPT_SSLVERSION means to force some SSL/TLS version. You don't need to force it. Leave it as is.

Share this post


Link to post
Share on other sites

Paypal told me to contact Prestashop because they have update module which supports TLS. So where the hell is this module ?

  • Like 2

Share this post


Link to post
Share on other sites

This line. as it is in the last stable version of the Paypal module,

@curl_setopt($ch, CURLOPT_SSLVERSION, 3);

will curently work with Live Mode but not with Test mode. Thats because SSL3 is already deacivated in the Test Mode from Paypal. From the 3rd of december on SSL3 will also be deactivated in Live Mode and replaced with TLS.

 

There are several solutions to make the Test Mode work. One of them is to replace this above line with

@curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_DEFAULT);

I cant tell you if this solution is also applicable for the Live Mode from the 3.12 onwards.

 

As tuk66 mentioned, deleting the whole line, should force the module to use auto-negotiation of the SSL version.

 

Also to mention is that "CURLOPT_SSLVERSION, 4" will not work on some old php/curl versions. So be aware of this.

 

But indeed the PrestaShop team should give some input here.

 

 

EDIT:

Just had a look at the PayPal github page, and it seems like they just released an update for the API LINK.

They are using from now on these lines:

CURLOPT_SSL_CIPHER_LIST, TLSv1
CURLOPT_SSLVERSION, 1

There is also a merchant guide for this issue handed out by Paypal LINK

And a topic in the PayPal subforum here on Prestashop LINK

 

And a link to the solution page from PayPal LINK all fixes are mentioned here.

Edited by thepan (see edit history)
  • Like 2

Share this post


Link to post
Share on other sites

In laymans terms what does all this actually mean for my online store  that is currently handling 50 or 60 orders a day via paypal ?

  • Like 1

Share this post


Link to post
Share on other sites

I'm using PS 1.5.6.2 and PayPal module version 3.6.6 (3.6.5 on another shop)

 

So, should I use this new code on my PayPal API?

 

new code in red.

 

@curl_setopt($ch, CURLOPT_POST, true);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_SSLVERSION, 1);
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
@curl_setopt($ch, CURLOPT_VERBOSE, true);

Share this post


Link to post
Share on other sites

Hi, thanks for sharing. I have changed the "3" to "4" from the paypal_connect

 

When i checked out from website as customer after the above modification, i could enter paypal page and proceed with payment as usual. However, when i tested website to check out from sandbox mode, i have issue to pay. It will never lead me to paypal page at all. Is that normal and fine? Because i could still receive payment on Live Mode.

Please advise and share with me if there is anything i have missed out during modification. Thank you

 

Hi Meimeisi,

 

Did you change 2 things when testing?

 

Change these 2 things in your prestashop paypal module config:

 

1. You have to use a sandbox merchant account API instead of using your real API when testing.

Create a sandbox merchant account - and insert the API credentials into the paypal module:

https://developer.paypal.com/docs/classic/lifecycle/sb_create-accounts/

 

2. Use a Sandbox > set to 'test mode'

 

Then try ordering something, and see if the error is still there.

Share this post


Link to post
Share on other sites

Hi all,

In the paypal_connect.php file commented out the SSL line as below.

Sandbox and live tested and everything seems ok.

Hope this helps

 

@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
/*@curl_setopt($ch, CURLOPT_SSLVERSION, 3);*/
@curl_setopt($ch, CURLOPT_VERBOSE, false);

 

 

  • Like 1

Share this post


Link to post
Share on other sites

 

I'm using PS 1.5.6.2 and PayPal module version 3.6.6 (3.6.5 on another shop)

 

So, should I use this new code on my PayPal API?

 

new code in red.

 

 
@curl_setopt($ch, CURLOPT_POST, true);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_SSLVERSION, 1);
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
@curl_setopt($ch, CURLOPT_VERBOSE, true);

 

could someone assist for this? thank you.

Share this post


Link to post
Share on other sites

Hi,

 

I just fired up my test shop which hasn't been touched in months 1.5.6.1 paypal 3.6.1 and payments to sandbox weren't working. Changed the file with:

@curl_setopt($ch, CURLOPT_SSLVERSION, 1);

@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
 
Now Sandbox test payments working again.
Changed site to Live and live credentials and still works :)
 
If it's any help to anyone.
  • Like 1

Share this post


Link to post
Share on other sites

 

Hi,

 

I just fired up my test shop which hasn't been touched in months 1.5.6.1 paypal 3.6.1 and payments to sandbox weren't working. Changed the file with:

@curl_setopt($ch, CURLOPT_SSLVERSION, 1);

@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
 
Now Sandbox test payments working again.
Changed site to Live and live credentials and still works :)
 
If it's any help to anyone.

 

Cool!! Thanks for the information.

 

I did that too and both live and sandbox test are working. The website could direct me to paypal page for checkout.

Thank you so much.

Share this post


Link to post
Share on other sites

 

Hi all,

In the paypal_connect.php file commented out the SSL line as below.

Sandbox and live tested and everything seems ok.

Hope this helps

 

@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
/*@curl_setopt($ch, CURLOPT_SSLVERSION, 3);*/
@curl_setopt($ch, CURLOPT_VERBOSE, false);

 

i tried this earlier but it does not work for my shop.

Share this post


Link to post
Share on other sites

Hi Meimeisi,

 

Did you change 2 things when testing?

 

Change these 2 things in your prestashop paypal module config:

 

1. You have to use a sandbox merchant account API instead of using your real API when testing.

Create a sandbox merchant account - and insert the API credentials into the paypal module:

https://developer.paypal.com/docs/classic/lifecycle/sb_create-accounts/

 

2. Use a Sandbox > set to 'test mode'

 

Then try ordering something, and see if the error is still there.

 

Hi, i have no idea of that. But both of live mode and sandbox mode are working perfectly. I have changed the file as follow (red).

Thank you

 

@curl_setopt($ch, CURLOPT_POST, true);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_SSLVERSION, 1);
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
@curl_setopt($ch, CURLOPT_VERBOSE, true);

Share this post


Link to post
Share on other sites

oh, i forgot to ask if we still need to update our Paypal API credential after the upgrade?

Share this post


Link to post
Share on other sites
So if I place this code: 

@curl_setopt($ch, CURLOPT_SSLVERSION, 1);

@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

 

 

In the space of the code bellow, I fix the problem?:: 

 

curl_setopt($ch, CURLOPT_VERBOSE, 0);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

 

 

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS, 'PARTNER='.urlencode(Configuration::get('PAYPAL_USA_MANAGER_PARTNER')).'&VENDOR='.urlencode

Edited by Anthony DeLa Riviere (see edit history)

Share this post


Link to post
Share on other sites

FYI I received a response on Twitter from Prestashop who said they were looking into a solution to this.

Share this post


Link to post
Share on other sites

Hi all!

 

2 options:

 

1-wait for a paypal module update

2-follow the instruction given on the links inside the message sent by paypal (need an expert for this)

 

Option #1 is the best option, as we will make an update available for the PayPal module early next week. It's being developed as we speak.

 

Option #2 might work for the most skilled but we seriously advide that you wait for our update.

 

Thanks!

  • Like 2

Share this post


Link to post
Share on other sites

Hi all!

 

 

Option #1 is the best option, as we will make an update available for the PayPal module early next week. It's being developed as we speak.

 

Option #2 might work for the most skilled but we seriously advide that you wait for our update.

 

Thanks!

That's awesome. However i am afraid of the new bug for new paypal module. So can i check with you if i would be fine to stick with old module with new api content as follows?

 

new code in red.

 

 
@curl_setopt($ch, CURLOPT_POST, true);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_HEADER, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_SSLVERSION, 1);
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
@curl_setopt($ch, CURLOPT_VERBOSE, true);

 

It works fine for me. Hope to hear from you soon.

 

Thank you

Share this post


Link to post
Share on other sites

Hi,

 

I got same email from Paypal. We're on PrestaShop™ 1.5.6.0 and was wondering if changing from 3 to 4 on the fix mentioned above will start working on live from now. Even tough they haven't removed 3.0 from live yet does it work with 4 already?

Anyone tried this fix on 1.5.6.0?

 

Thanks

 

I tried this on Prestashop 1.5.4 (test and real mode) and 1.6 (test mode), it works good :

 

In modules\paypal\api\paypal_connect.php

replace line 84

-- @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

by

++ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

Share this post


Link to post
Share on other sites

Does someone knows about the PayPal Pro module wich accepts credit cards on the merchant website instead of redirecting to PayPal website?  Do we have to replace code?

 

We have looked in the PayPal Pro module's code and can't find any occurence of "CURLOPT_SSLVERSION" to replace.

 

We have searched on PrestaShop Addons to see if there is an updated version and the module doesn't seem to be there anymore.

 

Anyone got a clue on this?

 

Thank you

Share this post


Link to post
Share on other sites

Hi everybody, 

Thank you for your interest in our module.

 

We have seen recently the following problem:

 the SSL v3 issue (also known as POODLE) was identified on October 14, PayPal has been hard at work to mitigate any potential impact to our customers and has thus decided to completely disable SSL 3.0 support on December 3, 2104 at 12:01 a.m. Pacific Standard Time.

 

POODLE is an internet security vulnerability that impacts the Secure Sockets Layer (SSL) 3.0 protocol, which was designed to ensure secure connections when surfing on the Internet.

 

As a consequence all PayPal merchant customers using PrestaShop will need to update their PayPal integration by upgrading their PayPal module on PrestaShop before December 3rd, 2014 in order to disable SSL 3.0 for their client interactions.

 

This update will be available on Tuesday November 18th, 2014 on Addons (version 3.8.0 to come).

Please make sure to upgrade your module on the latest version once available.

 

If you do not upgrade your PayPal module on PrestaShop by this date, you may face interruptions to your ability to accept payments with PayPal.
 
To make sure your integration is protected against this vulnerability and to keep accepting PayPal payments beyond this date, you need to upgrade your PayPal module to version 3.8.0 by following these steps: 
 
 
Users of version 1.5 and 1.6 of PrestaShop

1. Go to PrestaShop back office in the list of modules installed

2. Click on the « Update it » button next to PayPal module  

 
en-pp1.png
 
The upgrade to version 3.8.0 will then complete.  If it doesn’t, please follow the steps below. 
 
Users of version 1.4 of PrestaShop
 

1. Go to the PrestaShop Addons website  and download the latest version of the PayPal module (version 3.8.0)

2. You need to carry out a manual update of the module. Please go to the “Modules” section in the Back Office of your store 

3. Click on “Upload the module from your computer” , you should get the screen below: 

 

 

en-pp.png

 

4. Insert the downloaded file in zip format

5. Click on « Upload this module »

The upgrade to version 3.8.0 will then complete.

 

We make every effort to help you as quickly as possible and we apologize for any inconvenience due to this problem.

 

Regards, 

202 ecommerce.

  • Like 2

Share this post


Link to post
Share on other sites

what if iI'm using  the standard paypal version 3.4.8 and not the USA, Canada version. do i still need to do this change ?

 

Share this post


Link to post
Share on other sites

Hi,

I'm using prestashop 1.4.4.1 for my web store www.waterfilterforfridge.com.au and I'm using Paypal as the payment system for my online store.

 

However, they will disable the SSL 3.0 in December and I need to update SSL3.0 to TLS.

 

I read through forums and found out that there are 2 ways to solve this problem.

 

option #1. wait for the new version of paypal to be released (released on tuesday 18th november)

option #2. manually develop your older version of paypal to TLS.

 

I'm not a developer, so I avoid going through option #2, even with any guides provided with paypal. (they provided with pdf file guide lines but I have no knowledge in developing modules.)

 

Therefore I've waited the new version of paypal module to release and they only released the EUROPE version of paypal (3.8.0).

 

My webstore is based in Australia (Oceania) and if I use the Europe version of Paypal 3.8.0, I was told by Paypal that I may have to provide necessary information like your Australia account in order to verify my account. In example Social numbers, Confirm my bank account and others.

 

They said it's best to contact Prestashop, as the module was prepared by Prestashop.

 

I was wondering if they are going to release the module for Australia (Oceania) soon? or What are my options now?

 

Can anybody advice me?

 

Thanks.

 

Regards,

 

Reina.

  • Like 1

Share this post


Link to post
Share on other sites

Hi,

 

Yes I am based in Australia too.

 

Is this going to be a problem for me with the new paypal update?

 

Thanks

Anne

Share this post


Link to post
Share on other sites

Curious about the progress on this one. Subbing. If anyone has tested It would be good to hear about it.

Share this post


Link to post
Share on other sites

Currently using PayPal module 3.4.1 Prestashop version 1.5.2 

I'm not seeing an  update button on the pay pal module and I didn't see the paypal module in addons.

I see the one for PayPal Europe   but not an update for those of us not in Europe using the generic module just named PayPal module. Where do I get the update?

  • Like 3

Share this post


Link to post
Share on other sites

thank you Kevin - I found the English version of the link you posted it has a link to another module for use in the US that module has not been updated since 8/19/2014

Share this post


Link to post
Share on other sites

Sorry maybe I am out of topic.

There is some one can provide me a zip file paypal module 3.4.4 or link for download please?

I had before the 3.4.4. version, I updated to 3.7.2 first and after to 3.8, but i am having problem with 

 

PHP Fatal error: Call to a member function getPageLink() on a non-object in /home/xxxxxx/public_html/classes/Mail.php on line 251

 

I tried to fix this problem without succesful and therefore I wanna restore the old paypal module version but it's not simple find it on internet.

 

my p mail is zucca25 at hotmail dot com

 

thank you in advance

Share this post


Link to post
Share on other sites

I use Prestashop 1.4.4.1 after you upgrade of Paypal Module to version 3.8.0 I find the following notice in modules tab:

 

" - PayPal - In order to use the module you need to install the backward compatibility"

 

how can I fix it? I don't know if I've problems with transactions

thanks

Share this post


Link to post
Share on other sites

Post #49 stated

This update will be available on Tuesday November 18th, 2014 on Addons (version 3.8.0 to come).

Please make sure to upgrade your module on the latest version once available.

 

If you do not upgrade your PayPal module on PrestaShop by this date, you may face interruptions to your ability to accept payments with PayPal.
 
To make sure your integration is protected against this vulnerability and to keep accepting PayPal payments beyond this date, you need to upgrade your PayPal module to version 3.8.0 by following these steps: 
 
 
Users of version 1.5 and 1.6 of PrestaShop

1. Go to PrestaShop back office in the list of modules installed

2. Click on the « Update it » button next to PayPal module  

 
en-pp1.png
 
 
 
 
It is now Nov 21 and I still don't see this update.  When will this be available for the PayPal module - i only see the paypal europe module
I really don't like to modify the code my self
  • Like 1

Share this post


Link to post
Share on other sites

Hi all,

 

Same problem here, I have received a message from paypal and from Prestashop that advise me to upgrade the paypal module, I see there is an upgraded version 3.8.0 of the module on prestashop addons but there is no update button in prestashop backoffice. I have Prestashop version 1.6.0.9 and Paypal module version 3.7.2. It may be fortuity but since I upgrade Prestashop from version 1.6.0.5 to 1.6.0.9 I haven't received module updates any more. Perhaps a bug or something else? I need to update my Paypal module manually?

 

Thanks for help and replies

 

brennino

 

 

 

Post #49 stated

This update will be available on Tuesday November 18th, 2014 on Addons (version 3.8.0 to come).

Please make sure to upgrade your module on the latest version once available.

 

If you do not upgrade your PayPal module on PrestaShop by this date, you may face interruptions to your ability to accept payments with PayPal.
 
To make sure your integration is protected against this vulnerability and to keep accepting PayPal payments beyond this date, you need to upgrade your PayPal module to version 3.8.0 by following these steps: 
 
 
Users of version 1.5 and 1.6 of PrestaShop

1. Go to PrestaShop back office in the list of modules installed

2. Click on the « Update it » button next to PayPal module  

 
en-pp1.png
 
 
 
 
It is now Nov 21 and I still don't see this update.  When will this be available for the PayPal module - i only see the paypal europe module
I really don't like to modify the code my self

 

Share this post


Link to post
Share on other sites

Hello!

 
I installed this module and can confirm that it does not work!
 
Do more error.
 
 
Regards
 
MacRoy

Share this post


Link to post
Share on other sites

Hi! I have version 1.4.9 ... someone who has this version has already tried to make the changes recommended by paypal?
 
Users of version 1.4 of PrestaShop
1- Go to the PrestaShop Addons website and download the latest version of the PayPal module (version 3.8.0)
 
2- You need to carry out a manual update of the module. Please go to the “Modules” section in the Back Office of your store
 
3- Click on “Upload the module from your computer”
 
4- Insert the downloaded file in zip format
 
5- Click on « Upload this module »
 
The upgrade to version 3.8.0 will then complete. 
 
 
Thanks  :) 

Edited by elfetta84 (see edit history)

Share this post


Link to post
Share on other sites

Ho installato la Paypal 3.8.0 e utilizzo PS 1.4.4.1

 

a quanto ho capito questo aggiornamento di Paypal si porta dietro un bug naco con aggiornamento 3.6 e mai risolto che noi che utilizziamo Prestashop 1.4 non avevamo. Il probema è serio, perchè con questo nuovo aggiornamento si offrono le spedizioni gratis a random. Se ne parla qui

http://www.prestashop.com/forums/topic/311094-problemi-col-campo-provincia-quando-si-iscrive-un-cliente/

 

Spero si risolva, nel giro di 2 giorni ho dato via già 2 spedizioni "omaggio" senza alcuna promozione in corso  :wacko:

Share this post


Link to post
Share on other sites

There's any update on why with PS 1.6 and PayPal 3.7.2 there's no update available notification... How can we update the module?

Share this post


Link to post
Share on other sites

There's any update on why with PS 1.6 and PayPal 3.7.2 there's no update available notification... How can we update the module?

download the module from the addons store.

Share this post


Link to post
Share on other sites

Hi everyone,

 

I'm kind of lost here.  I am using Paypal USA Canada module 1.3.4 (on PS 1.6.0.8) and I can't find the API folder everyone is referring to. (There is no such folder in the module)  I received an email directly from Paypal informing me that my shop WILL BE affected on December 3rd.  Yet I can't find anywhere a fix for my module.

I prefer NOT to upgrade my module because everytime I did in the past, it was a total mess.

 

Please help !!!

 

Carly

Share this post


Link to post
Share on other sites

The following code is the closest to the one everyone is talking about and it's located in my Paypal.php file.  Can anyone let me know what I should be changing or adding ?  I also saw this code in other files in the module - should I be changing those as well?

 

Thanks in advance

 

$ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, 'https://api-3t..(Configuration::get(PAYPAL_USA_SANDBOX') ? 'sandbox.' : '').'paypal.com/nvp');
  curl_setopt($ch, CURLOPT_VERBOSE, 0);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_POSTFIELDS, 'METHOD='.urlencode($method_name).'&VERSION=98&PWD='.urlencode(Configuration::get('PAYPAL_USA_API_PASSWORD')).'&USER='.urlencode(Configuration::get('PAYPAL_USA_API_USERNAME')).'&SIGNATURE='.urlencode(Configuration::get('PAYPAL_USA_API_SIGNATURE')).$params.'&BUTTONSOURCE=PrestashopUS_Cart');
  $response = curl_exec($ch);
  curl_close($ch);

Share this post


Link to post
Share on other sites

It seems the Paypal USA module is not affected, though it’s not been confirmed yet (I will update about it as soon as I know more) - See more

Share this post


Link to post
Share on other sites

Thanks KevinNash for your reply.

 

The link you are referring to clearly saids that the Paypal USA module hasn't been checked yet.

 

I don't understand then that Paypal would send me the email to update my connection if there is no issue.  I really think there is.

 

Unfortunately, it seems to me that because less people use the Paypal USA Canada module (vs. the Europe one), it is less of a priority.  We're 10 days away from the date that the Paypal module might become unusable and it's a critical part of the website.  I find it a little alarming that there is no clear answer. 

 

If anyone has some info - Please help !

Share this post


Link to post
Share on other sites

Hello,

 

The PayPal USA module is not impacted by Poodle. All PrestaShop merchants using the PayPal USA module can ignore the alert we issued for the PayPal Europe module.

 

PayPal USA does not force the use of SSL v3. So whatever your config is, you're good :)

  • Like 1

Share this post


Link to post
Share on other sites

I tried this on Prestashop 1.5.4 (test and real mode) and 1.6 (test mode), it works good :

 

In modules\paypal\api\paypal_connect.php

replace line 84

-- @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

by

++ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

my modification

 

            @curl_setopt($ch, CURLOPT_POST, true);

            @curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

            @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

            @curl_setopt($ch, CURLOPT_HEADER, false);

            @curl_setopt($ch, CURLOPT_TIMEOUT, 30);

            @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

            @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

            @curl_setopt($ch, CURLOPT_SSLVERSION, 1);

            @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

            @curl_setopt($ch, CURLOPT_VERBOSE, true);

 

So far seems ok.

  • Like 1

Share this post


Link to post
Share on other sites

Hello,

 

The PayPal USA module is not impacted by Poodle. All PrestaShop merchants using the PayPal USA module can ignore the alert we issued for the PayPal Europe module.

 

PayPal USA does not force the use of SSL v3. So whatever your config is, you're good :)

hi, am i fine without upgrading the paypal module but i changed my paypal api as follow,

 

            @curl_setopt($ch, CURLOPT_POST, true);

            @curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

            @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

            @curl_setopt($ch, CURLOPT_HEADER, false);

            @curl_setopt($ch, CURLOPT_TIMEOUT, 30);

            @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

            @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

            @curl_setopt($ch, CURLOPT_SSLVERSION, 1);

             @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

            @curl_setopt($ch, CURLOPT_VERBOSE, true);

 

Please advise.

Share this post


Link to post
Share on other sites

I have 2 websites with prestashop version 1.5.6.2 and 1.3.1.1.

 

On 1.5.6.2 I updated my paypal module to 3.8 just like it was mentioned on Paypal's email. So now am I done? Is there anything else to do?

 

On 1.3.1.1 I am using paypalAPI version 1 and I have an option of Paypal version 1.6. Now on this website, what should I do? Paypal 3.8 is not compatible with version 1.3.1.1 to upgrade the module.

Share this post


Link to post
Share on other sites

it's the 26th Nov and I still cannot see ay update module available in my backend.

I am not a tech and would like to just update the module provide by Prestashop.

Can someone please let me know when is it available?

 

I went to the add on shop but only the Europe version is available!!

 

my prestashop version is 1.5.4.1

 

thanks ...it's getting close to 3rd Dec now...

Share this post


Link to post
Share on other sites

I went to the add on shop but only the Europe version is available!!

 

And only the PayPal Europe module is impacted :)

 

Hello,

 

The PayPal USA module is not impacted by Poodle. All PrestaShop merchants using the PayPal USA module can ignore the alert we issued for the PayPal Europe module.

 

PayPal USA does not force the use of SSL v3. So whatever your config is, you're good :)

Share this post


Link to post
Share on other sites

good morning to all,

This message has not arrived to my shops that use the module in version v1.7.1.

Where the file code is as follows:

$this->_logs[] = $this->l('Connect with CURL method sucessfull');
			$this->_logs[] = '<b>'.$this->l('Sending this params:').'</b>';
			$this->_logs[] = $body;
			@curl_setopt($ch, CURLOPT_URL, 'https://'.$url);
			@curl_setopt($ch, CURLOPT_POST, true);
			@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
			@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
			@curl_setopt($ch, CURLOPT_HEADER, false);
			@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
			@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
			@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
			@curl_setopt($ch, CURLOPT_VERBOSE, true);
			$result = @curl_exec($ch);
			if (!$result)
				$this->_logs[] = $this->l('Send with CURL method failed ! Error:').' '.curl_error($ch);
			else
				$this->_logs[] = $this->l('Send with CURL method sucessfull');
			@curl_close($ch);


This variation TSL also affects older versions of Prestashop?

 
In this case what should I change?
Why it is not possible at this time to perform an update module of prestashop 1 .3

Thank you for your help

Share this post


Link to post
Share on other sites

Hi!

 

The European module version is 3.8.1

 

 

Regards

 

MacRoy

Share this post


Link to post
Share on other sites

good morning to all,

 

This message has not arrived to my shops that use the module in version v1.7.1.

 

Where the file code is as follows:

$this->_logs[] = $this->l('Connect with CURL method sucessfull');
			$this->_logs[] = '<b>'.$this->l('Sending this params:').'</b>';
			$this->_logs[] = $body;
			@curl_setopt($ch, CURLOPT_URL, 'https://'.$url);
			@curl_setopt($ch, CURLOPT_POST, true);
			@curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
			@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
			@curl_setopt($ch, CURLOPT_HEADER, false);
			@curl_setopt($ch, CURLOPT_TIMEOUT, 30);
			@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
			@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
			@curl_setopt($ch, CURLOPT_VERBOSE, true);
			$result = @curl_exec($ch);
			if (!$result)
				$this->_logs[] = $this->l('Send with CURL method failed ! Error:').' '.curl_error($ch);
			else
				$this->_logs[] = $this->l('Send with CURL method sucessfull');
			@curl_close($ch);

This variation TSL also affects older versions of Prestashop?

 
In this case what should I change?

Why it is not possible at this time to perform an update module of prestashop 1 .3

Thank you for your help

Your version not uses the sslv3 protocol, no changes required.

Share this post


Link to post
Share on other sites

Hi,

 

I'm using 1.4.7.0 with "paypal with fees" modul. Could you check please if i need to change something on paypalconnect.php ?

I can't find those lines to change mentioned here:

http://www.prestashop.com/forums/topic/380185-paypal-modification-ssl-v3-to-tls/

 

Thanks

 

 

 

<?php

class PayPalConnect extends Paypal
{
    private    $_logs = array();

    public function makeConnection($host, $script, $body, $simple_mode = false)
    {
        $this->_logs[] = $this->l('Making new connection to').' \''.$host.$script.'\'';
        if (function_exists('curl_exec'))
            $return = $this->_connectByCURL($host.$script, $body);
        if (isset($return) AND $return)
            return $return;
        $tmp = $this->_connectByFSOCK($host, $script, $body);
        if (!$simple_mode || !preg_match('/[A-Z]+=/', $tmp, $result))
            return $tmp;
        $pos = strpos($tmp, $result[0]);
        $body = substr($tmp, $pos);
        return $body;
    }

    public function getLogs()
    {
        return $this->_logs;
    }

    /************************************************************/
    /********************** CONNECT METHODS **********************/
    /************************************************************/

    private function _connectByCURL($url, $body)
    {
        $ch = @curl_init();
        if (!$ch)
            $this->_logs[] = $this->l('Connect failed with CURL method');
        else
        {
            $this->_logs[] = $this->l('Connect with CURL method successful');
            $this->_logs[] = '<b>'.$this->l('Sending this params:').'</b>';
            $this->_logs[] = $body;

            @curl_setopt($ch, CURLOPT_POST, true);
            @curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
            @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            @curl_setopt($ch, CURLOPT_HEADER, false);
            @curl_setopt($ch, CURLOPT_TIMEOUT, 30);
            @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
            @curl_setopt($ch, CURLOPT_VERBOSE, true);
            $result = @curl_exec($ch);
            if (!$result)
                $this->_logs[] = $this->l('Send with CURL method failed ! Error:').' '.curl_error($ch);
            else
                $this->_logs[] = $this->l('Send with CURL method successful');
            @curl_close($ch);
        }
        return (isset($result) ? $result : false);
    }

    private function _connectByFSOCK($host, $script, $body)
    {

        if (!$fp)
            $this->_logs[] = $this->l('Connect failed with fsockopen method');
        else
        {
            $header = $this->_makeHeader($host, $script, strlen($body));
            $this->_logs[] = $this->l('Connect with fsockopen method successful');
            $this->_logs[] = $this->l('Sending this params:').' '.$header.$body;
            @fputs($fp, $header.$body);
            $tmp = '';
            while (!feof($fp))
                $tmp .= trim(fgets($fp, 1024));
            fclose($fp);
            $result = $tmp;
            if (!$result)
                $this->_logs[] = $this->l('Send with fsockopen method failed !');
            else
                $this->_logs[] = $this->l('Send with fsockopen method successful');
        }
        return (isset($result) ? $result : false);
    }

    private function _makeHeader($host, $script, $lenght)
    {
        $header =    'POST '.strval($script).' HTTP/1.0'."\r\n" .
                    'Host: '.strval($host)."\r\n".
                    'Content-Type: application/x-www-form-urlencoded'."\r\n".
                    'Content-Length: '.(int)($lenght)."\r\n".
                    'Connection: close'."\r\n\r\n";
        return $header;
    }
}
 

Edited by arimer (see edit history)

Share this post


Link to post
Share on other sites