20141126 - SSLv3 Deactivation on Paypal
In response to the discovery of Poodle vulnerability last October, Paypal announces the deactivation of SSLv3 as of 3th December 2014.
What consequences?
This update will impact:
- Web users: specifically web users using a browser that is not compatible with TLSv1 or higher. IE6 especially does not handle TLSv1 by default.
- Servers using a Paypal API to communicate with the merchant : SSL clients (such as curl or wget) must be compatible with TLSv1 or higher
- Servers receiving requests from Paypal (such as payment confirmation) must support TLSv1.
ADVICE AND RECOMMENDATIONS FROM TBS INTERNET
TBS has already communicated about the risks of using obsolete protocols. Here is what we recommend:
- Disable SSLv2/SSLv3 on the server
- Use our tool CopiBot (our SSL analyzer) that will check the configuration of your web sites.
External links
Last edited on 11/02/2018 11:11:55 --- [search]