Important announcement about POODLE vulnerability and payment security

An Internet security protocol vulnerability was found sometime ago, the industry is calling it “POODLE”. The vulnerability impacts a protocol called SSL 3.0, which was designed to ensure secure connections while surfing the Internet. Payment processors like Paypal and Authorize.net were using it for processing the payment securely.


Paypal and Authorize.net have officially announced that they are disallowing the communication via SSL 3.0 and are notifying the customers. So many store owners having Paypal and Authorize.net as their payment processors have started questioning what they should do.

In short, you don't have to do anything. All payment plugins of J2Store that use cURL to communicate with payment processors like Paypal and Authorize.net DO NOT have an SSL version specified. That means they use auto-negotiation of SSL version.

Some details:

PHP 5 and lib curl can actually auto-negotiate the best level to use as long as no SSL version is specified. So when a cURL request is made, PHP auto detects the best security level and uses it. Since Paypal and Authorize.Net disable SSL v3 support, the curl library will auto-negotiate to TLS.

So all the J2Store payment plugins including Paypal and Authorize.Net should work WITHOUT any issues.

Subscribe to get updates from us