PayPal SSL3.0 Integration

[moodybear]

Logging into PayPal it informs me I need to change setting on my site for continuation in taking trasanctions...

 

ANy Advise on this would be helpful on WHERE exactly to make the chance and ensure there is no break in the sales I have.

 

Or if any changes need to be made at all?

 

Many Many Thanks in advance

 

 

[bsmither]

According to >this announcement, there is no need for CubeCart owners to edit any CubeCart code.

 

The onus is on the server administrator to deal with SSL/TLS.

[danielkehorne]

I'm admining a site where the host has no plans to disable SSL3. Their response when asked about this was:-

 

'we wouldn't be able to disable SSL3 even temporarily, as this might have unintended consequences for other users on the server.

It might be worth asking CubeCart if they have any way of forcing the transaction with Paypal to be TLS-only, within the code.'

 

Any suggestions as to if there is a way to do this?

I'm admining a site where the host has no plans to disable SSL3. Their response when asked about this was:-

 

'we wouldn't be able to disable SSL3 even temporarily, as this might have unintended consequences for other users on the server.

It might be worth asking CubeCart if they have any way of forcing the transaction with Paypal to be TLS-only, within the code.'

 

Any suggestions as to if there is a way to do this?

I'm admining a site where the host has no plans to disable SSL3. Their response when asked about this was:-

 

'we wouldn't be able to disable SSL3 even temporarily, as this might have unintended consequences for other users on the server.

It might be worth asking CubeCart if they have any way of forcing the transaction with Paypal to be TLS-only, within the code.'

 

Any suggestions as to if there is a way to do this?

[danielkehorne]

I'm admining a site where the hosting company has no intention of disabling SSL. This is their response:-

 

'we wouldn't be able to disable SSL3 even temporarily, as this might have unintended consequences for other users on the server.

It might be worth asking CubeCart if they have any way of forcing the transaction with Paypal to be TLS-only, within the code.'

 

Any suggestions?

[bsmither]

From reading how other shopping cart programs are advising their users to deal with SSL/TLS, I conclude that the cURL library used by PHP (if at a recent version) auto-negotiates with the remote server (PayPal) for the best and highest version of encryption to use.

 

That is to say, because CubeCart does not tell cURL which type/version of encryption to use, cURL is free to ask PayPal if it can do this, and if not, then try this other, and if not, then try ....

 

I have looked only in the module gateway.class.php file, not in any of the plugin files for PayPal.

 

Are you, in fact, currently experiencing errors when trying to pay by PayPal?

[danielkehorne]

Hi,

 

No not currently experiencing errors on regular payments, but when we put Paypal into sandbox mode it does fail. So this makes me worry it's using SSL3.

[Toucan Web Design]

Just to check, did you set up a sandbox account with different details? They use a different encryption password and id and whatnot usually.. by the looks of things they've simplified it since last time I touched it, you should be able to quickly clone your live details into the sandbox mode one

 

But yes, if you've hooked that up, then a little worrying if it's failing on sandbox.. does it give a specific error, or is it generic?

[danielkehorne]

Thanks a lot Toucan, I had been trying sandbox using the normal details. Just tried sandbox with some test details from Paypal and it worked.

 

Thanks for the help.