Are you working on an update for the Paypal SSL 3.0 vulnerability?

I received a call and the following notice from Paypal regarding a security issue. They said either the shopping cart provider or host site should provide support. Are you going to provide a cart update for this?

Email from Paypal

On Tuesday, October 14, 2014, details were released about a vulnerability to version 3 of Secure Sockets Layer (SSL 3.0). Since that time, PayPal has been hard at work to mitigate any potential impact to our consumers and merchant customers.

To help mitigate risk associated with this vulnerability, PayPal will discontinue support for SSL 3.0 on December 3, 2014 at 12:01 a.m. Pacific Standard Time. Unfortunately, this necessary step may cause compatibility problems resulting in the inability for customers to pay with PayPal on your site or other processing issues.

We wouldn’t have been able to extend our support of SSL 3.0 to December 3, 2014, at 12:01 a.m. PST if we hadn’t also been able to take significant steps to migrate the risk of this vulnerability for our customers. We want to assure our customers we have seen no evidence that the SSL 3.0 issue has led to any compromise of security at PayPal.

1 answer

  • 1

    Dear Alice Rudolph,

    If you are using the paypal gateway (with IPN), and your order are successfully marked as PAID automatically then you need not to worry, otherwise if your order are not marked paid then certainly it is problem.


Add answer

To add a comment please sign up or login