Immediate action required: SSLv3 security alert causing changes in PayPal modules

Due to the POODLE security attack, PayPal will drop their support for SSL 3.0 on December 3rd 2014. In order to keep offering PayPal as payment, this blog post will show you the possible ways to adapt to the issue.


This is an urgent note to everyone using PayPal as a payment provider in their OXID eShop.

In October 2014, a vulnerability of the SSL 3.0 protocol was detected, as discussed in forums and blogs recently. This means, websites and all internet businesses relying on SSL 3.0 can no longer sufficiently protect their users‘ information from hackers.

Payment provider PayPal will drop their support for SSL 3.0 on December 3rd 2014, 12:01 a.m. PST (09:01 a.m. CET), causing all PayPal transactions based on SSL 3.0 not to work any longer from this moment on.

In order to keep offering PayPal as a payment in your OXID eShop, please update your OXID eFire Extension PayPal to version

3.2.1 when using OXID eShop 5.2.x (EE) or 4.9.x (PE/CE)
3.1.2 when using OXID eShop 5.1.x (EE) or 4.8.x (PE/CE)
3.0.3 when using OXID eShop 5.0.x (EE) or 4.7.x (PE/CE)

We will also publish a patched version of the OXID eFire Extension PayPal for OXID eShop 4.4.x to 4.6.x within the next week.

Please note:

If you refuse to proceed one of the solutions mentioned above, every payment via PayPal will fail from December 3rd onwards! This also applies for the PayPal Portlets in our cloud platform OXID eFire, which will not be altered. If you still run this method, please update to our standalone OXID eFire Extension as soon as possible. The extension can be found in OXID eXchange.