Poodle SSLv3 error screws PayPal-Module + HowTo fix it


#1

Hi all,

We experienced that, running [B]OXID 4.8.7[/B] with [B]PayPal module 3.1.1[/B], no redirect from the basket to PayPal was possible. You were always redirected to the article overview in the basket with the error: [B]curl error: 35[/B].

This post is a short description of how to fix this error.

After googling for a while, I found a simple solution. You have to increase the SSL version in the curl part of your PayPal module. With no warranty, try this:

[ul]
[li]Open file [B]modules/oe/oepaypal/core/oepaypalcurl.php[/B][/li]
[li]Search for [B]'CURLOPT_SSLVERSION' => 3[/B][/li]
[li]Replace the [B]3[/B] with [B]4[/B][/li]
[/ul]

That's it! Try to pay with PayPal in the basket again: it will be successful.

I guess with [B]PayPal module 3.2[/B] there is the same problem.

Kinda regards :slight_smile:
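
As an added example (not part of the original post and not code from the OXID PayPal module): a small PHP audit that finds hard-coded `CURLOPT_SSLVERSION` numbers like the one edited above and names the libcurl `CURL_SSLVERSION_*` constant each number stands for. The function name `auditSslVersion`, the verdict labels and the sample source are constructed for illustration.

```php
<?php
// Added example: audit PHP source for hard-coded CURLOPT_SSLVERSION values.
// The numbers follow libcurl's CURL_SSLVERSION_* enum; verdicts are this example's own labels.
const SSLVERSION_ENUM = [
    0 => ['CURL_SSLVERSION_DEFAULT', 'ok'],      // let libcurl negotiate
    1 => ['CURL_SSLVERSION_TLSv1',   'ok'],      // TLS 1.x
    2 => ['CURL_SSLVERSION_SSLv2',   'broken'],
    3 => ['CURL_SSLVERSION_SSLv3',   'broken'],  // POODLE; no longer accepted by PayPal per this thread
    4 => ['CURL_SSLVERSION_TLSv1_0', 'legacy'],  // TLS 1.0, deprecated by RFC 8996
    5 => ['CURL_SSLVERSION_TLSv1_1', 'legacy'],  // TLS 1.1, deprecated by RFC 8996
    6 => ['CURL_SSLVERSION_TLSv1_2', 'ok'],
    7 => ['CURL_SSLVERSION_TLSv1_3', 'ok'],
];

/** Return one finding per hard-coded numeric CURLOPT_SSLVERSION in $source. */
function auditSslVersion(string $source): array
{
    $findings = [];
    foreach (preg_split('/\R/', $source) as $i => $line) {
        // Matches both 'CURLOPT_SSLVERSION' => 3 and CURLOPT_SSLVERSION => 3.
        if (!preg_match('/[\'"]?CURLOPT_SSLVERSION[\'"]?\s*=>\s*(\d+)/', $line, $m)) {
            continue;
        }
        $value = (int) $m[1];
        [$name, $verdict] = SSLVERSION_ENUM[$value] ?? ['unknown value', 'review'];
        $findings[] = ['line' => $i + 1, 'value' => $value, 'name' => $name, 'verdict' => $verdict];
    }
    return $findings;
}

// Constructed sample, shaped like the option array the post edits.
$sample = <<<'SRC'
$options = array(
    'CURLOPT_SSLVERSION' => 3,
    'CURLOPT_SSL_VERIFYPEER' => true,
);
$patched = array('CURLOPT_SSLVERSION' => 4);
SRC;

foreach (auditSslVersion($sample) as $f) {
    printf("line %d: %d = %s [%s]\n", $f['line'], $f['value'], $f['name'], $f['verdict']);
}
```

Pointing `auditSslVersion()` at the contents of each module file (for example via `file_get_contents()`) lists every place where a protocol version is pinned by number rather than left to negotiation.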


#2

well done! :smiley:


#3

@k00ni, this really looks like a bug in the paypal module. Can you second that?

Cheers


#4

Hey,

I don’t really think that this is a bug, because it worked just fine until yesterday.

That's because of the vulnerability in SSLv3 discovered by the Google group. Here are some news articles about it:

PayPal reacted really quickly and removed support for SSLv3 and less.

I think we should inform the PayPal-module guys so that they publish a fix.

Regards


#5

[QUOTE=k00ni;151304]
I think we should inform the PayPal-module guys that they publish a fix.
[/QUOTE]

Done. With a bug report :wink:
https://bugs.oxid-esales.com/view.php?id=5921

Cheers!


#6

[QUOTE=Marco Steinhaeuser;151308]Done. With a bug report :wink:
https://bugs.oxid-esales.com/view.php?id=5921

Cheers![/QUOTE]

I was faster, I submitted that yesterday afternoon:
https://bugs.oxid-esales.com/view.php?id=5918


#7

Hey,

I think there should be a news post or info mail about that to all PayPal-module users out there, with a short explanation and a link to an updated package.

How do you guys want to handle this?

Greetings


#8

Let the devs fix the bug first and release a new version. Then we’ll go through the usual release procedure incl. announcements etc. Sending an email is impossible as there is no registration required to use this module :wink:

Regards


#9

Many thanks k00ni
Today we got the problem and your solution works.
Our Shop on Strato.de gebraucht-schmuck.com
Tomorrow I will call the support and ask why they don't inform the customers when they make such changes on the system. It took some hours for me to find the problem and your solution.
Regards
Heinz Klauke


#10

Hi @HKlauke,
actually we informed on all channels available.

Cheers


#11

Hi Marco,

What are these channels? Where can I get informed as a normal OXID user?

Regards
k00ni


#12

Morning,

sorry, mixed up @HKlauke’s request.

[QUOTE]
What are these channels? Where can I get informed as a normal OXID user?
[/QUOTE]

There are a couple of different channels for such announcements. As for the PayPal switch we sent email messages to all users of eFire PayPal. Usually we will additionally publish such information here:
[ul]
[li]Corporate blog --> get the RSS feed[/li]
[li]Planet OXID (same post, just copied) --> get the RSS feed[/li]
[li]Announcement forum --> subscribe[/li]
[li]dev-general mailing list for developers --> subscribe[/li]
[li]Community newsletter --> subscribe (not reliable for such urgent information, except if somebody can help with it)[/li]
[li]XING group (German)[/li]
[li]LinkedIn group[/li]
[li]Facebook page --> like[/li]
[li]Twitter --> follow[/li]
[li]Google Plus group[/li]
[/ul]

You may also want to follow my personal social media accounts. Of course I’ll try to spread all relevant information:

Regards