我从 paypal 收到了这封邮件,但我不明白他们想说什么,
他们从 2014 年 12 月 3 日起停止了哪些服务,
我正在使用快速结账流程为我的网站付款
我需要购买新的 SSL 吗?
Immediate action required
XYZ,
On October 14, 2014, details were released about a vulnerability to
version 3 of Secure Sockets Layer (SSL 3.0). Since that time, PayPal has
been hard at work to mitigate any potential impact to our consumers and
merchant customers.
To help mitigate risk associated with this vulnerability, PayPal will
discontinue support for SSL 3.0 on DECEMBER 3, 2104 AT 12:01 A.M.
PACIFIC STANDARD TIME. Unfortunately, this necessary step may cause
compatibility problems resulting in the inability for customers to pay
with PayPal on your site or other processing issues.
We wouldn't have been able to extend our support of SSL 3.0 to December
3, 2014, at 12:01 a.m. PST if we hadn't also been able to take
significant steps to migrate the risk of this vulnerability for our
customers. We want to assure our customers we have seen no evidence that
the SSL 3.0 issue has led to any compromise of security at PayPal.
Keeping our customers' accounts, data and money secure is PayPal's top
priority and a guiding principle when we make challenging decisions,
like this one.
We're here to help our merchants through this process. We've put
together a comprehensive Merchant Response Guide [1] to ensure systems
are secure from this vulnerability.
WHAT DO I NEED TO DO?
If you don't manage website integrations for your business, we strongly
encourage you to work with your website service partner (developer,
hosting company or e-commerce platform, etc.) and share the Merchant
Response Guide [1], which provides the basic guidelines on how to update
to Transport Layer Security (TLS). If your website service has questions
or need support, advise them to contact our Merchant Technical Support
[2].
Thank you for your prompt attention to move this issue and understanding
of our approach. Though we recognize this necessary step may cause
compatibility issues, we can't stress enough that this short-term
inconvenience is heavily outweighed by our joint promise to our
respective customers that we will keep their accounts and financial
details safe. We plan to keep our customers up to date on how we are
addressing this issue via the appropriate channels, including PayPal
Forward [3], our Twitter handle [4], Customer Service [5] and for
merchants, through our Merchant Services team.
For technical assistance, please call 855-489-0342.
We appreciate your patience and understanding as we work around the
clock to better serve you and keep you and our consumers safe.
Help [6] Contact [7]Fees [8] Security [9] Features [10] Shop [11]
Please do not reply to this email. We are unable to respond to inquiries
sent to this address. For immediate answers to your questions, visit our
Help Center by clicking "Help" on any PayPal page.
© 2014 PayPal Inc. All rights reserved. PayPal is located at 2211 N.
First St., San Jose, CA 95131.
Call
Send SMS
Add to Skype
You'll need Skype CreditFree via Skype
Links:
------
[1] https://ppmts.custhelp.com/app/answers/detail/a_id/1147
[2] https://ppmts.custhelp.com/
[3] https://www.paypal-community.com/t5/PayPal-Forward/bg-p/PPFWD
[4] https://twitter.com/AskPayPal
[5] https://www.paypal.com/us/webapps/helpcenter/helphub/home/
[6] https://www.paypal.com/us/cgi-bin/webscr?cmd=_help
[7] https://www.paypal.com/us/cgi-bin/webscr?cmd=_help&t=escalateTab
[8] https://www.paypal.com/us/webapps/mpp/paypal-fees
[9] https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security
[10] https://www.paypal.com/us/webapps/mpp/about-paypal-products
[11] https://shopping.paypal.com/index
最佳答案
不,该问题与 POODLE 漏洞有关,这导致我们在您调用 PayPal API 时禁用基于 SSLv3 的验证。
当您向 PayPal API 发出请求时,系统会尝试确保您实际上是在与 PayPal 通话,而不是其他人。为此,我们曾经使用 SSLv3 协议(protocol)加密一些数据。现在,由于 Google 发现了 SSLv3 的错误,我们正在升级到 TLSv1。
为此,您需要按照 https://ppmts.custhelp.com/app/answers/detail/a_id/1182 中显示的步骤进行操作
根据您使用的语言,更改可能会有所不同。修复相当简单,但是,现在是将整个 SDK 升级到可能包含更多修复和功能的最新版本的好时机。
关于php - 需要立即采取行动 – SSL 3.0 漏洞,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26902011/