Paypal SSL 3.0 Poodle
An important announcement has been recently received from PayPal that will affect SocialEngine PHP core’s Payment module. PayPal has recently announced that it will discontinue support for SSL 3.0 on 3 December 2014 at 8:01 a.m. GMT because of vulnerability to version 3 of Secure Sockets Layer (SSL 3.0).
This will cause compatibility problems in SocialEngine PHP powered website when using PayPal as one of their payment gateways, resulting in the inability of customers to pay with PayPal. Thus, website administrators using PayPal as a gateway on their SocialEngine PHP website should apply the below code level change immediately to avoid any such issues after December 3rd, 2014.
To make this compatibility fix in your SocialEngine PHP installation’s core, you can download the patch attached to this article and extract the downloaded file to get a folder named application.
Replace the existing file: /application/libraries/Engine/Service/PayPal.php
on your server with the corresponding file at the same path in the downloaded application folder.
If you would prefer to apply the fix directly to your website, then simply open the file:
/application/libraries/Engine/Service/PayPal.php at around line 100.
You should see the following:
Simply comment out the line above:
// $adapter->setCurlOption(CURLOPT_SSLVERSION, 3);
Note: If, after doing above changes, your site experiences some unexpected errors, then please make sure that you have the latest version of cURL on your server and PHP is built with that version. If not, please ask your hosting company to upgrade cURL on your server.
Edited by Les, 17 December 2015 - 01:00 AM.