Guest Posted November 11, 2014 Share Posted November 11, 2014 Immediate action required. On 14 October 2014, details were released about a vulnerability to version 3 of Secure Sockets Layer (SSL 3.0). Since that time, PayPal has been hard at work to mitigate any potential impact to our consumers and merchant customers. To help mitigate risk associated with this vulnerability, PayPal will discontinue support for SSL 3.0 on 3 December 2104 at 8:01 a.m. Greenwich Mean Time. Unfortunately, this necessary step may cause compatibility problems resulting in the inability for customers to pay with PayPal on your site or other processing issues. We wouldn’t have been able to extend our support of SSL 3.0 to 3 December 2014, at 8:01 a.m. GMT if we hadn’t also been able to take significant steps to migrate the risk of this vulnerability for our customers. We want to assure our customers we have seen no evidence that the SSL 3.0 issue has led to any compromise of security at PayPal. Keeping our customers’ accounts, data and money secure is PayPal’s top priority and a guiding principle when we make challenging decisions, like this one. We’re here to help our merchants through this process. We’ve put together a comprehensive Merchant Response Guide to ensure systems are secure from this vulnerability. What do I need to do? If you don’t manage website integrations for your business, we strongly encourage you to work with your website service partner (developer, hosting company or e-commerce platform, etc.) and share the Merchant Response Guide, which provides the basic guidelines on how to update to Transport Layer Security (TLS). If your website service has questions or need support, advise them to contact our Merchant Technical Support. Thank you for your prompt attention to move this issue and understanding of our approach. Though we recognise this necessary step may cause compatibility issues, we can’t stress enough that this short-term inconvenience is heavily outweighed by our joint promise to our respective customers that we will keep their accounts and financial details safe. We plan to keep our customers up to date on how we are addressing this issue via the appropriate channels, including PayPal Forward, our Twitter handle, Customer Service and for merchants, through our Merchant Services team. We appreciate your patience and understanding as we work around the clock to better serve you and keep you and our consumers safe. Just received the above message from PayPal Can anyone tell me if there is anything we as merchants using Prestashop and the latest PayPal module if there is anything we need to do? Link to comment Share on other sites More sharing options...
Jimbola Posted November 11, 2014 Share Posted November 11, 2014 (edited) Just got this as well. Edited November 11, 2014 by Jimbola (see edit history) Link to comment Share on other sites More sharing options...
Tim fewStones Posted November 12, 2014 Share Posted November 12, 2014 Subscribing. Link to comment Share on other sites More sharing options...
wang yi li Posted November 12, 2014 Share Posted November 12, 2014 Whether the PayPal module that PrestaShop needs to be updated, I look at the source code inside or by SSLv3 PayPal in December 4th to stop the SSLv3 server, has an effect on PrestaShop? Trouble administrator reply as soon as possible under the Link to comment Share on other sites More sharing options...
kashifkhan112 Posted November 12, 2014 Share Posted November 12, 2014 My client has received this email, i believe Prestahop team will reply asap. Link to comment Share on other sites More sharing options...
bellini13 Posted November 12, 2014 Share Posted November 12, 2014 My client has received this email, i believe Prestahop team will reply asap. I believe PS will reply on Dec 5th when things stop working and enough people complain. Only moderators are reading these, so hope one of them will be able to get the correct attention 1 Link to comment Share on other sites More sharing options...
Guest Posted November 12, 2014 Share Posted November 12, 2014 Added to Forge, will see what happens http://forge.prestashop.com/browse/PNM-2995 Link to comment Share on other sites More sharing options...
202ecommerce Posted November 13, 2014 Share Posted November 13, 2014 Hi all, Since the SSL v3 issue (also known as POODLE) was identified on October 14, PayPal has been hard at work to mitigate any potential impact to our customers and has thus decided to completely disable SSL 3.0 support on December 3, 2104 at 12:01 a.m. Pacific Standard Time. POODLE is an internet security vulnerability that impacts the Secure Sockets Layer (SSL) 3.0 protocol, which was designed to ensure secure connections when surfing on the Internet. As a consequence all PayPal merchant customers using PrestaShop will need to update their PayPal integration by upgrading their PayPal module on PrestaShop before December 3rd, 2014 in order to disable SSL 3.0 for their client interactions. This update will be available on Tuesday November 18th, 2014 on Addons (version 3.8.0 to come). Please make sure to upgrade your module on the latest version once available. Thank you for your prompt attention to this issue and understanding of our approach. Link to comment Share on other sites More sharing options...
wang yi li Posted November 13, 2014 Share Posted November 13, 2014 The PrestaShop Paypal module we have solved, as long as the _connectByCURLfunction of the CURL parameters of CURLOPT_SSLVERSION update Paypalpaypal_connect.php file for the CURL_SSLVERSION_TLSv1 can be upgraded, but the premise is the server must support CURL. I hope you can help. Link to comment Share on other sites More sharing options...
webnetstudio Posted November 13, 2014 Share Posted November 13, 2014 The PrestaShop Paypal module we have solved, as long as the _connectByCURLfunction of the CURL parameters of CURLOPT_SSLVERSION update Paypalpaypal_connect.php file for the CURL_SSLVERSION_TLSv1 can be upgraded, but the premise is the server must support CURL. I hope you can help. Hi alls, we use an old version of Prestashop 1.4.4.1 with Paypal Module 2.8.4. In this case the CURLOPT_SSLVERSION don't exit, do ou think the module will be ok? Or we need to change the source? Adding CURL_SSLVERSION_TLSv1 line wil be transfer data with TLS or it will be necessary to ugrade CULR version? Many thanks Link to comment Share on other sites More sharing options...
manel10_12 Posted November 18, 2014 Share Posted November 18, 2014 Hi alls, we use an old version of Prestashop 1.4.4.1 with Paypal Module 2.8.4. In this case the CURLOPT_SSLVERSION don't exit, do ou think the module will be ok? Or we need to change the source? Adding CURL_SSLVERSION_TLSv1 line wil be transfer data with TLS or it will be necessary to ugrade CULR version? Many thanks you need to change it through the code, inside the module of Paypal, you need to edit the file paypalconnect.php wixh is inside the folder api of paypal module, editing the file or changing the file for the new one. Link to comment Share on other sites More sharing options...
manel10_12 Posted November 18, 2014 Share Posted November 18, 2014 you need to change it through the code, inside the module of Paypal, you need to edit the file paypalconnect.php wixh is inside the folder api of paypal module, editing the file or changing the file for the new one. I've just checked out the paypal module for 1.4 in 1 customer that I got, you'll need to change it throught code because replacing will not work, the code is different, better change it by code because I've tried to update it as Paypal recommends, uploading the new module, and in my case it did'nt work, instead it messed up all the paypal configuration page, so I had to upload back the old version. Link to comment Share on other sites More sharing options...
Sentenza Posted November 18, 2014 Share Posted November 18, 2014 (edited) Somewhere I understood reading here http://www.prestashop.com/forums/topic/380185-paypal-modification-ssl-v3-to-tls/ we should have theese kind of situation depending on the version of paypal module: - paypal version <= 2.8.6 - if server use CURL or FSOCK: no need to change anyting - 2.8.7 <= paypal version < 3.0.9 - if server use CURL: change in file modules/paypal/api/paypalconnect.php in function _connectByCURL($url, $body) the line @curl_setopt($ch, CURLOPT_SSLVERSION, 3); with this one @curl_setopt($ch, CURLOPT_SSLVERSION, defined(CURL_SSLVERSION_TLSv1) ? CURL_SSLVERSION_TLSv1 : 1); - 3.0.9 <= paypal version <= 3.7.X - if server use CURL: change in file modules/paypal/api/paypal_connect.php in function _connectByCURL($url, $body) the line @curl_setopt($ch, CURLOPT_SSLVERSION, 3); with this one @curl_setopt($ch, CURLOPT_SSLVERSION, defined(CURL_SSLVERSION_TLSv1) ? CURL_SSLVERSION_TLSv1 : 1); Edited November 18, 2014 by Sentenza (see edit history) 1 Link to comment Share on other sites More sharing options...
Pascal - Netenvie Posted November 18, 2014 Share Posted November 18, 2014 Hi all, Since the SSL v3 issue (also known as POODLE) was identified on October 14, PayPal has been hard at work to mitigate any potential impact to our customers and has thus decided to completely disable SSL 3.0 support on December 3, 2104 at 12:01 a.m. Pacific Standard Time. POODLE is an internet security vulnerability that impacts the Secure Sockets Layer (SSL) 3.0 protocol, which was designed to ensure secure connections when surfing on the Internet. As a consequence all PayPal merchant customers using PrestaShop will need to update their PayPal integration by upgrading their PayPal module on PrestaShop before December 3rd, 2014 in order to disable SSL 3.0 for their client interactions. This update will be available on Tuesday November 18th, 2014 on Addons (version 3.8.0 to come). Please make sure to upgrade your module on the latest version once available. Thank you for your prompt attention to this issue and understanding of our approach. My question is : We only need to upgrade/replace Paypal module or we also need to update server configuration ? Link to comment Share on other sites More sharing options...
Nick Lappage Posted November 18, 2014 Share Posted November 18, 2014 Hi all, I've just downloaded the new version of the PayPal module from this link http://addons.prestashop.com/fr/modules-paiement-prestashop/1748-paypal.html (French Addons site) which calls it the PayPal Europe - Offical module. and then uploaded the zip file to my prestashop sites, using the install new module method, (purely because the Update It link did not show). All is good and payments work with my UK websites. It would be nice if the developer updated their description to show it's for the UK as well. Now... who wants to tell the Addons site owners that Addons is missing a bunch of filters and the search function doesn't work? 1 Link to comment Share on other sites More sharing options...
rh1n0 Posted November 18, 2014 Share Posted November 18, 2014 Somewhere I understood reading here http://www.prestashop.com/forums/topic/380185-paypal-modification-ssl-v3-to-tls/ we should have theese kind of situation depending on the version of paypal module: [...] Thanks so much for this, Sentenza - implemented and tested, seems to work just as well as it did before. Hopefully it continues working come 3rd December, or I'll be in Dubai having too much of a good time to notice. =D Link to comment Share on other sites More sharing options...
NemoPS Posted November 19, 2014 Share Posted November 19, 2014 Some fixed files, feel free to contribute: http://nemops.com/prestashop-paypal-modules-will-stop-working/#.VGxr6fmjOr0 Link to comment Share on other sites More sharing options...
KevinNash Posted November 19, 2014 Share Posted November 19, 2014 Hello Nemo, your fix is different than 202ecommerce one, yo usuggest to delete or comment this line : @curl_setopt($ch, CURLOPT_SSLVERSION, 3); 202ecommerce suggest to replace it http://www.prestashop.com/forums/topic/380185-paypal-modification-ssl-v3-to-tls/ So what is the best and right solution ? Link to comment Share on other sites More sharing options...
oginet Posted November 22, 2014 Share Posted November 22, 2014 Nick Lappage says "I've just downloaded the new version of the PayPal module from this link http://addons.presta...748-paypal.html (French Addons site) which calls it the PayPal Europe" I am using Prestashop 1.4.11.0 and PayPal module 3.5.4. Are you saying that updating to the new module mentioned deals with the issues around PayPal's discontinuation of support for SSL 3.0 ? Your advice will be much appreciated. Link to comment Share on other sites More sharing options...
PascalVG Posted November 22, 2014 Share Posted November 22, 2014 More detailed info, also for 1.4.x in this thread http://www.prestashop.com/forums/topic/380185-paypal-modification-ssl-v3-to-tls/ Link to comment Share on other sites More sharing options...
frosticek Posted November 26, 2014 Share Posted November 26, 2014 (edited) Hi Guys, I am still getting errors after update (not permanent, usually works for few hours, but then still throws error), from time when SSL changed to TLS: PayPal response: -> Making new connection to 'api-3t.paypal.com/nvp' Connect with CURL method successful Sending this params: METHOD=SetExpressCheckout&VERSION=106&PWD=*********&USER=my.mail_api1.gmail.com&SIGNATURE=*********&CANCELURL=http%3A%2F%2Fmb-themes.com%2Fhome%2F14-osclass-anti-spam-plugin.html%3Fpaypal_ec_canceled%3D1%26&RETURNURL=http%3A%2F%2Fmb-themes.com%2Fmodules%2Fpaypal%2Fexpress_checkout%2Fpayment.php&NOSHIPPING=0&BUTTONSOURCE=PRESTASHOP_EC&L_PAYMENTREQUEST_0_NUMBER0=14&L_PAYMENTREQUEST_0_NAME0=Spam+Solution+Plugin&L_PAYMENTREQUEST_0_DESC0=Are+you+bother+from+spam%C2%A0on+your+classifieds%3FLet+S...&L_PAYMENTREQUEST_0_AMT0=27.5&L_PAYMENTREQUEST_0_QTY0=1&PAYMENTREQUEST_0_PAYMENTACTION=Sale&PAYMENTREQUEST_0_CURRENCYCODE=EUR&PAYMENTREQUEST_0_SHIPPINGAMT=0.00&PAYMENTREQUEST_0_ITEMAMT=27.5&PAYMENTREQUEST_0_AMT=27.50&SOLUTIONTYPE=Sole&LANDINGPAGE=Login&USER=my.mail_api1.gmail.com&PWD=*********&SIGNATURE=********* Send with CURL method failed ! Error: Couldn't resolve host 'api-3t.paypal.com' Connect failed with fsockopen method Has anyone idea what could be problem? tested 1.6.0.9 prestasthop and PayPal Europe v3.8.1 //Edit: Problem was solved by my hosting company, there was issue with DNS and cache. Edited November 26, 2014 by frosticek (see edit history) Link to comment Share on other sites More sharing options...
rajco Posted November 26, 2014 Share Posted November 26, 2014 Hey all I have problem Fatal error: Cannot redeclare class PaypalLib in Unknown on line 0 wtf it is ??? I have prestashop 1.4.8.2 and module PayPal v3.8.1 when I klick on confirm order in payment show Fatal error: Cannot redeclare class PaypalLib in Unknown on line 0 any help please mine web site http://www.gift-hut.co.uk Link to comment Share on other sites More sharing options...
hurray Posted November 26, 2014 Share Posted November 26, 2014 I am using prestashop version 1.3.1.1 with paypal module 1.6 and paypalAPI 1.0. Can someone please help me since paypal 3.8 is not compatible with version 1.3.1.1? I can't upgrade my site right now as the christmas shopping is here and I don't want to have any downtime. Can the codes be changed somewhere, may be in a paypal file? Link to comment Share on other sites More sharing options...
NemoPS Posted November 28, 2014 Share Posted November 28, 2014 I am using prestashop version 1.3.1.1 with paypal module 1.6 and paypalAPI 1.0. Can someone please help me since paypal 3.8 is not compatible with version 1.3.1.1? I can't upgrade my site right now as the christmas shopping is here and I don't want to have any downtime. Can the codes be changed somewhere, may be in a paypal file? See here: http://nemops.com/prestashop-paypal-modules-will-stop-working/#.VHhITjGjOr0 Locate that string mentioning ssl. If you don't have it, you should not be affected Link to comment Share on other sites More sharing options...
oginet Posted November 28, 2014 Share Posted November 28, 2014 Hi all, I've just downloaded the new version of the PayPal module from this link http://addons.prestashop.com/fr/modules-paiement-prestashop/1748-paypal.html (French Addons site) which calls it the PayPal Europe - Offical module. and then uploaded the zip file to my prestashop sites, using the install new module method, (purely because the Update It link did not show). All is good and payments work with my UK websites. It would be nice if the developer updated their description to show it's for the UK as well. Now... who wants to tell the Addons site owners that Addons is missing a bunch of filters and the search function doesn't work? Link to comment Share on other sites More sharing options...
oginet Posted November 28, 2014 Share Posted November 28, 2014 I'm using Prestashop 1.4 and Nick Lappage's solution has done the trick for me - many thanks Link to comment Share on other sites More sharing options...
zaglebie Posted November 28, 2014 Share Posted November 28, 2014 (edited) [deleted] Edited November 28, 2014 by zaglebie (see edit history) Link to comment Share on other sites More sharing options...
KDC Model Cars Posted November 30, 2014 Share Posted November 30, 2014 Hi, I'm using PrestaShop 1.4.7.0 and have PayPal module 2.8.6 I downloaded the latest version of PayPal, and tried to upload it in "Modules", but I keep getting the following: "Error occurred while extracting the module (file may be damaged)." (translated from Dutch) What should I do?? Link to comment Share on other sites More sharing options...
bellini13 Posted November 30, 2014 Share Posted November 30, 2014 download it again and ensure it is not corrupt. are you able to open the zip file? Link to comment Share on other sites More sharing options...
KDC Model Cars Posted November 30, 2014 Share Posted November 30, 2014 I downloaded a couple of times, no difference. No idea what it means to ensure it is not corrupt... I can open the file, yes Link to comment Share on other sites More sharing options...
oginet Posted November 30, 2014 Share Posted November 30, 2014 Did you "open the zip file? " as suggested - this would show a lot of files which have been zipped. Link to comment Share on other sites More sharing options...
KDC Model Cars Posted December 1, 2014 Share Posted December 1, 2014 When I open the file, there're a lot of " .php" - files. Link to comment Share on other sites More sharing options...
NemoPS Posted December 1, 2014 Share Posted December 1, 2014 That is correct, at this point try uploading the paypal folder manually via ftp, into /modules/ (make a backup of the current one + database) Link to comment Share on other sites More sharing options...
KDC Model Cars Posted December 1, 2014 Share Posted December 1, 2014 That is correct, at this point try uploading the paypal folder manually via ftp, into /modules/ (make a backup of the current one + database) Is what I did, doesn't work... Link to comment Share on other sites More sharing options...
NemoPS Posted December 3, 2014 Share Posted December 3, 2014 Sounds weird cause you described it as you were uploading the archive itself Can you describe the procedure you followed? Link to comment Share on other sites More sharing options...
KDC Model Cars Posted December 3, 2014 Share Posted December 3, 2014 Turns out there was a problem with writing permissions or something... Now it finally worked, after dowloading the backward compatibility module Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now