Jump to content

PayPal Modification SSL V3 to TLS


202ecommerce

Recommended Posts

Update - Dec. 3, 2014:

PayPal disabled SSL 3.0 support today. All users of PayPal Europe for PrestaShop must update their PayPal module as soon as possible. If you need help making sure that your PayPal payment gateway is fully operational, please contact PayPal support at:

 
FR: 0800 942 850
UK : 0800 358 7911
ES : 900 801 665
IT : 800 975 345
DE : 0800 723 4500
BE : 0800 50855
 
202ecommerce, the official publisher for the PayPal Europe module, is also available for you at [email protected] or +33 (0)1 8362 4474.

 

 

Hi all, 

202 ecommerce is the official publisher of PayPal Europe module for PayPal account, we created this topic to help you with the transition to SSL worm TSL.

 
Caution: due to a bug report after updating the module 3.8 we saw that for people using a version of PrestaShop 1.4 and and smarty the module does not take into account some of the characters used in the module PayPal Version 3.8.
 

 

 

Since the SSL v3 issue (also known as POODLE) was identified on October 14, PayPal has decided to
completely disable SSL 3.0 support at 12:01 a.m. Pacific Standard Time on December 3, 2014. 
 
POODLE is an internet security vulnerability that impacts the Secure Sockets Layer (SSL) 3.0 protocol, 
which was designed to ensure secure connections when surfing on the Internet.
 
As a consequence all PayPal merchant customers using PrestaShop need to update their PayPal 
integration by upgrading their PayPal module on PrestaShop before December 3rd disable SSL 3.0 for their client interactions. 
 
If you do not upgrade your PayPal module on PrestaShop by this date, you may face interruptions to 
your ability to accept payments with PayPal.
 
To make sure your integration is protected against this vulnerability and to keep accepting PayPal 
payments beyond this date, you need to upgrade your PayPal module to version 3.8.0 by following 
these steps: 
 
Caution: The version PayPal Europe up to 2.8.6 are not concerned by this modification as the protocol used in the module is not forced. 
 
Users of version 1.5 and 1.6 of PrestaShop
1- Go to PrestaShop back office in the list of modules installed
2- Click on the « Update it » button next to PayPal module  
If this button doesn’t appear, please follow the same steps as the ones described below for “users of version 1.4 de PrestaShop”
 
en-pp1.png
 
The upgrade to version 3.8.0 will then complete.  If it doesn’t, please follow the steps below. 
 
Users of version 1.4 of PrestaShop
 

1. Go to the PrestaShop Addons website  and download the latest version of the PayPal module (version 3.8.0)

2. You need to carry out a manual update of the module. Please go to the “Modules” section in the Back Office of your store 

3. Click on “Upload the module from your computer” , you should get the screen below: 

 

 

en-pp.png

 

4. Insert the downloaded file in zip format

5. Click on « Upload this module »

The upgrade to version 3.8.0 will then complete.

 

Caution: If the message "Before using the module, you must install the compatibility Retro Module" appears after your being updated, thank you download and install the "Retro compatibility" module at this address:

http://addons.prestashop.com/en/administration-tools-prestashop-modules/6222-backward-compatibility.html

 

We make every effort to help you as quickly as possible and we apologize for any inconvenience due to this problem.

 

Regard, 

202 ecommerce

  • Like 7
Link to comment
Share on other sites

Hi, 

202 ecommerce is the official publisher of PayPal Europe module for PayPal account, we created this topic to help you with the transition to SSL worm TSL.

 

for people who use a higher or equal to the version of 2.8.7 version of PayPal Europe PrestaShop module and does not want to update, we recommend that you perform a manipulation on the module file to switch SSL to TLS.

 

1. Which version are concerned

The version up to 2.8.6 are not concerned by this modification as the protocol used in the module is not forced. All the module with a version greater or equal to 2.8.7 must do the modification

 

2. Modifications

 

1.1        File to change

The modification consists in changing two lines of codes in the module in the following file :

 

Version 2.8.7 :

/modules/paypal/api/paypalconnect.php

 

Version greater or equal to 3.0.9

         /modules/paypal/api/paypal_connect.php

 

 

1.2        Changes

 

1.2.1     First change

Find the line :

 

@curl_setopt($ch, CURLOPT_SSLVERSION,                 3);

or :

@curl_setopt($ch, CURLOPT_SSLVERSION, 3);

 

Replace this line with this new line :

 

@curl_setopt($ch,CURLOPT_SSLVERSION, defined(CURL_SSLVERSION_TLSv1) ? CURL_SSLVERSION_TLSv1 : 1);

 

cap3.png

 

3. Error possible

Once you have made the modification, try to make a payment.
If you have a screen with an error looking like this :

ecrant1.png

 

 

To see the errors, go to the paypal_connect.php file and add :

 

echo "<pre>";print_r($this->_logs);echo "</pre>";

 

Before the line

 

@curl_close($ch);

 

You should now see the connection errors.

 

Capture2.png

 

Errors might be because your server does not handle TLS connections. Please take contact with your host by copying him the errors. 

 

 

Regards, 

202 ecommerce

  • Like 3
Link to comment
Share on other sites

Sorry if I am not understanding something here. Are you really suggesting that all those non programmers in Europe that use your PayPal module have to manually make these changes?

 

Why is one version of the module being modified and the other not?

 

To help Europe users even more how will a non programmer know which version of the mdoule they have?

 

 

module says

PayPal v3.6.6 - by PrestaShop -  Official

 

so can one assume that if we have a shop in Europe we MUST have the Europe module or could someone in Europe also use the American module?

Link to comment
Share on other sites

Sorry for the multiple post attempts, the forum refused to display the code properly, so I used an image.

 

I believe 202 was simply alerting users to potential issue in the PrestaShop built in PayPal module (and possibly others).

 

To make it simple, if any module / code you have is using one of the following:

 

paypal_code.png

 

 

This is true for any payment module you may be using, made by PrestaShop, or not.

  • Like 2
Link to comment
Share on other sites

I am shocked by the lack of responsibility of Prestashop on this.. I also have the following module

Developed by : PrestaShop   Version : 3.7.1

 

Unclear if its EU or non EU even though I am in Europe.. and furthermore, there is no "Update it button" next to it as a panic email from Paypal says there should be! (and Yes, I'm running Prestashop 1.5)

 

Since the one and only module I know to work is "developed by Prestashop" and will be out of tune in a few days shouldn't it therefore be fixed/updated BY Prestashop?? who could minimize this enormous headache and panic within the holiday season?

To my amaze, Prestashop customer service has prompted me to email 212's email address (from which I have no reply) and take no responsibility and are unwilling to discuss it further..

So I am absolutely alienated by the quality of customer support and technical responsibility of Prestashop as there are several gaps and issues here. And guess what? The phone lines give a 4 minute waiting time and then an answer phone, every line, every time.

 

If someone could point me in the right direction here, it would greatly be appreciated.

To summarize:

1) I currently have a Paypal v 3.7.1 module that doesn't say if its Paypal EU or not.

2) There is no update it button on the back-end next to the module (as I was told there would be by a Paypal email received today)

3) Over on Prestashop add-ons page, the closest match I can see is Paypal Europe - Offical module, developed by a third party instead of Prestashop - with no explanations

 

Do I download it and upload it manually in prestashop 1.5? Is this normal? Shouldn't I just update it as described in 202's image above?

Finally the new post about "for people using a version of PayPal Europe  with a version greater or equal to 2.8.7 must do the modification manually on module file to move from SSL to TLS. "  adds even further confusion and insanity to this!!!

 

H E L P !

Link to comment
Share on other sites

Hi, 

for people using a version of PayPal Europe  with a version greater or equal to 2.8.7 must do the modification manually on module file to move from SSL to TLS. 

1. Which version are concerned

The version up to 2.8.6 are not concerned by this modification as the protocol used in the module is not forced. All the module with a version greater or equal to 2.8.7 must do the modification

 

2. Modifications 1.1        File to change

The modification consists in changing two lines of codes in the module in the following file :

 

Version 2.8.7 :

/modules/paypal/api/paypalconnect.php

 

Version greater or equal to 3.0.9

         /modules/paypal/api/paypal_connect.php

1.2        Changes 1.2.1     First change

Find the line :

 

@curl_setopt($ch, CURLOPT_SSLVERSION,                 3);

or :

@curl_setopt($ch, CURLOPT_SSLVERSION, 3);

 

Replace this line with this new line :

 

@curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

1.2.2     Second change

 

Replace the line :

$fp = @fsockopen(.$host, 443, $errno, $errstr, 4);

with 

$fp = @fsockopen(.$host, 443, $errno, $errstr, 4);

 

3. Error possible

Once you have made the modification, try to make a payment.

If you have a screen with an error looking like this :

ecrant1.png

 

 

To see the errors, go to the paypal_connect.php file and add :

 

echo "<pre>";print_r($this->_logs);echo "</pre>";

 

Before the line

 

@curl_close($ch);

 

You should now see the connection errors.

 

Capture2.png

 

Errors might be because your server does not handle TLS connections. Please take contact with your host by copying him the errors. 

 

 

Regards, 

202 ecommerce

 

The second change is the same as before. Is it correct?

Link to comment
Share on other sites

Hi All...

 

Would appreciate your help on this..

 

We are using Prestashop version 1.5.4.1 as you can clearly see from the screenshot I have attached.  
 
As per the instructions provided in the PayPal email, there should be an 'Update It' button appearing next to the PayPal module in the Prestashop admin area which should allow us to upgrade PayPal to version 3.8.0. However, clearly, there is no 'Update It' button appearing at all.
 
Furthermore, when I browse the Addons.Prestashop.com site, I cannot find any place to download this PayPal 3.8.0 update from.
 
Can someone please send me a link to the location from where I can download PayPal Update 3.8.0 from??
 
Thank you!!

post-873602-0-46207100-1416297220_thumb.png

  • Like 1
Link to comment
Share on other sites

Just a small correction the image I posted yesterday (Post #5) was incorrectly listing the second change as when it should have been

 

I have corrected it, but in case anyone has implemented it already, please make sure to update (it would only affects sites not using CURL, but should still be corrected).

  • Like 2
Link to comment
Share on other sites

I just updated from 3.7.1 and seems to work fine.

Try to test in SANDBOX mode, as PayPal mentions that for now (ONLY) the sandbox has turned off the old protocols. Testing it on the LIVE site may not 100% certify that it works after December 3, when they WILL turn off the old protocol here.

 

Don't forget to change your PayPal API to your Sandbox API's  (and back to live API's afterwards!!)

 

https://developer.paypal.com/docs/classic/lifecycle/sb_credentials/

 

 

pascal

  • Like 1
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...