This repository has been archived by the owner on Sep 10, 2022. It is now read-only.
Poodle Fix - PHP 5.3 or higher (Recommended)
POODLE Fix
- Because of the Poodle vulnerability, PayPal has disabled SSLv3.
- To enable TLS encryption, the changes were made to PPHttpConfig.php in SDK Core to use a cipher list specific to TLS encryption.
/**
* Some default options for curl
* These are typically overridden by PPConnectionManager
*/
public static $DEFAULT_CURL_OPTS = array(
CURLOPT_SSLVERSION => 1,
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_TIMEOUT => 60, // maximum number of seconds to allow cURL functions to execute
CURLOPT_USERAGENT => 'PayPal-PHP-SDK',
CURLOPT_HTTPHEADER => array(),
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => 1,
CURLOPT_SSL_CIPHER_LIST => 'TLSv1',
);
- There are two primary changes done to curl options:
All these changes are included in the recent release, along with many other bug fixes. We highly encourage you to update your versions, by either using composer
or running this command shown below:
curl -k -L https://raw.githubusercontent.com/paypal/merchant-sdk-php/stable-php5.3/samples/install.php | php
OR
wget https://raw.githubusercontent.com/paypal/merchant-sdk-php/stable-php5.3/samples/install.php
php install.php