PayPal discontinues SSL 3.0 support
PayPal has announced that they will disable SSL 3.0 completely by the 3rd of December 2014. So the last day on which it will work is the 2nd December 2014.
I quote PayPal’s message:
Please note that PayPal will completely disable SSL 3.0 support on December 3, 2014. Unfortunately, we realize shutting off SSL 3.0 may cause compatibility problems for a few of our customers resulting in the inability to pay with PayPal on some merchant sites or other processing issues that we are still identifying. To enable your assessment and potential remediation, we’ve put together this Merchant Response Guide to help ensure your integration is secure from this vulnerability.
You can read more about the POODLE vulnerability.
What does this mean for you?
If you are using our plugins, specifically our Shopping Cart plugin and Newsletter plugin, you’ll need to update to get the new code changes required in order to use the TLS protocol for connections to PayPal instead of SSL.
Newsletter plugin affected
If you are using paid subscriptions in the Newsletter plugin with PayPal as the payment method, you will be affected by the discontinued support of SSL 3.0 by PayPal. We have released version 4.4.3 of the Newsletter plugin today which includes the required code changes to prevent the PayPal IPN from not working.
Shopping Cart plugin affected
If you are using either PayPal Standard or PayPal Pro in our Shopping Cart plugin, you will be affected. We are about to release an update for the Shopping Cart plugin which will include a change in the protocol for PayPal calls from SSL to TLS to ensure it will keep working. Please keep and eye out for the update over the next couple of days.
If you have any questions, please feel free to contact us.