PayPal Shutting Down SSLv3 on January 12, 2015
PayPal Shutting Down SSLv3 on January 12, 2015
The PayPal Partner Management Team has recently announced that they will be shutting down the SSL 3.0 vulnerability, also known as the POODLE, on January 12, 2015.
The shutdown will impact any merchant processing transactions using SSLv3. Paypal is currently reaching out to existing users to make sure that customers are readying themselves for the update before they initiate the shutdown.
Users preparing for the shutdown should confirm the following:
1) Server/Browser side TLS compliance (impact consumers connecting to the partner/merchant website)
You can use this site to test for TLS compliance on your server ride: https://www.ssllabs.com/ssltest
2) Client side TLS complaince (impacts integration with PayPal)
Ensure any connectivity (i.e., API ccalls) to PayPal is TLS compliant
You can test this by making a call to the PayPal sandbox (details below).
If the transactions are going appropriately through the sandbox, you should be fine. https://ppmts.custhelp.com/ci/fattach/get/439045/1415669876/redirect/1/filename/Poodle%20SSL%203%200%20Vulnerability%20-%20Merchant%20Response%20Guide%20%28U.S.%20English%29.pdf
Can you share if you needed to make any code change to be TLS compliant? If so, what was the change made, and when?
PayPal Communication
PayPal has continued to provide notification to all partners here:
