Jump to content

Paypal poodle 3.0 SSL vulnerability e ora che si fa ?


cyber

Recommended Posts

Ciao amici oggi è arrivata una mail in cui paypal mi dice che il sistema ssl 3.0 è vecchio di 10 anni e va cambiato entro il 3 dicembre 2014.

 

la questione è seria e ci sono 2 opzioni, 

 

1) si attende l'aggiornamento di prestashop del modulo presta

 

2) si segue questa guida : ma funzionerà con la 1.5.x ? 

 

vi allego il documento in pdf paypal

 

I think I managed to implement the solution for Prestashop 1.6.0.9, module PayPal v3.7.2 for Express checkout using API. I'm not sure whether this will work for everyone or not, but it seems to be working for me. Note that you need to test using SANDBOX where Paypal has implemented this new change and NOT testing using paypal live site. I could see the difference when testing using SANDBOX - i got an error message in my checkout initially when clicking 'pay with paypal' and after implementing this, i could go through the checkout successfully with no error page.

 

Based on this instruction: https://ppmts.custhe...etail/a_id/1191

I modified this file:

modules/paypal/api/paypal_connect.php

line 88 - change number 3 to 4 for CURLOPT_SSLVERSION:

from: @curl_setopt($ch, CURLOPT_SSLVERSION, 3);

to @curl_setopt($ch, CURLOPT_SSLVERSION, 4);

 

IMPORTANT - You would need to TEST this using Paypal Sandbox to see if it's working for your site:

1. Create a sandbox business/merchant account: https://developer.pa...ations/accounts and insert the sandbox merchant API credentials in your prestashop paypal module config

2. Also in your paypal module config: Use a Sandbox > set to 'test mode'  - to activate sandbox

3. Clear your prestashop cache: performance > advanced parameters > smarty > force compilation & cache: No

4. Try going through checkout to test - if you can reach paypal page successfully, that means it seems to be working. Otherwise you wouldn't even reach paypal page and see an error message

5. Don't forget to revert everything back except for the paypal_connect.php file

6. Test your checkout again in live site environment to make sure everything works properly

Edited by cyber (see edit history)
Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...