What is POODLE?

POODLE is an internet security vulnerability that impacts the Secure Sockets Layer (SSL) 3.0 protocol, which was designed to ensure secure connections when browsing the Internet.  When exploited, this vulnerability enables a cyber criminal to gain access to connections considered secure via this widespread (but 15-year-old) security protocol.

How are Service Providers Responding?

PayPal, Facebook, Twitter, Google, Amazon, and pretty much all the service providers out there will be completely disabling SSL 3.0 support with their web service API’s.  Many of these companies have already done so, while others are providing a little bit more time for software developers and solution providers to make the necessary changes. PayPal has already disabled SSLv3 on their sandbox (testing) servers, and as of 1/19/2016 they are now requiring TLS 1.2, which is causing lots of people to run into this problem if they weren’t aware and are not prepared.

Quickest Solution to the PayPal SSL Error Problem?

Contact your web hosting provider and let them know you are getting SSL errors when making HTTP requests because the services you are using require TLS 1.2 due to the POODLE vulnerability.  That should be enough for them to know what’s going on and they can get it fixed for you.

Web Server Software Stack Details

Here’s What You Need!

  • cURL 7.29 or higher
  • OpenSSL 1.0.1 or higher
  • PHP 5.5.19 or higher

As of 01.19.2016 PayPal now supports only TLS 1.2 on the sandbox.

If you want to use TLS 1.2 you’ll need to upgrade to OpenSSL 1.0.1 as a minimum, and then you’ll be able to set CURLOPT_SSLVERSION to 6 (TLS 1.2).  You will also need cURL 7.29+.

If you want TLS 1.2 to be used automatically during SSL requests, you’ll also need to upgrade to PHP 5.5.19+ (this is the ideal solution but many projects are still on older PHP versions).

If you are on a shared hosting environment and the host will not update your server you are going to need to move to a new server with that host (or switch hosts altogether).

PayPal POODLE Reference

Take a look at more details about the changes PayPal is making because of the POODLE vulnerability.

Need Additional Help?

Schedule a live meeting with Drew Angell, PayPal Certified Developer, and get all of your questions or concerns answered.