WebsiteBaker Support (2.8.x) > Bakery Shop

Paypal security update?

<< < (2/3) > >>

Ruud:
There are many webshops out there running bakery < 1.70

Would it be possible to create an upgraded PayPal version for those too?
All Most NL webshops will have somekind of iDeal plugin installed that - due to the checkout flow - will  not run with the current Bakery versions, so they will probably still be using 1.6.x versions.

These older versions do not use SSL at all for IPN and PDT, so it is a bit unclear to me if they will keep on working after D-day.

freeSbee:
Hi Ruud

Thank you for the hint.

It is too bad that the guys from PHP Solutions did not update their iDEAL Checkout plug-in for Bakery. After releasing v1.7.0 I advised them of Bakerys new checkout flow but never got any reaction.

I think it should be possible to make a patch for Bakery v1.6.0 by adapting the files of v1.7.1:

* bakery/payment_methods/paypal/check_payment.php
* bakery/payment_methods/paypal/ipn.php
Regards Christoph

seanie_morris:

--- Quote from: freeSbee on November 26, 2014, 09:27:34 PM ---PayPal will completely disable SSL 3.0 support on December 3, 2014. This may cause compatibility problems for Bakery shops resulting in the inability to pay with PayPal.

Bakery uses PayPal PDT (Payment Data Transfer) and IPN (Instant Payment Notification) to verify PayPal transactions. Only PDT is ready to use the TLS protocol.

Next version of Bakery - which is almost ready - will be using TLS instead of SSLv3 protocol for both PDT and IPN.

--- End quote ---

Hi,

I need clarification on something about this: The existing version of Bakery (1.72) still uses the instructions based on the PayPal PDT settings. These have changed in PayPal, so what is the course of action here?

--- Quote ---Website Payment Preferences
Log in to your PayPal account: Go to "My Account" > "Profile" > "My selling tools" > "Website preferences".
--- End quote ---

Seanie.

freeSbee:
Hi Seanie

Version Bakery 1.7.1 (11/27/2014) See version history:
Due to the POODLE SSL 3.0 vulnerability updated PayPal IPN using cURL library to comply with TLS protocol since PayPal discontinued support for SSL 3.0 support on december 3, 2014.

Regards Christoph

seanie_morris:
Thanks for the speedy reply Christoph.

I am aware of the changes (only since visiting this forum, and not from PayPal!), what I don't know is how to get around the existing set of instructions under Bakery's Payment Methods for PayPal, which are now non-functional since PayPal has changed. My own PayPal dashboard has changed drastically, and while I get explanations on PayPal about PDTs, IPNs and so on, there is no (obvious) way to get to those settings. My PayPal account is under no restrictions, and the last time I set up a cart with Bakery was back in September. All these instructions for Website Payment Preferences and so on, seem to relate to developer options, found at: https://developer.paypal.com/

Am I missing something, or has anyone found a way to get around this?

Seanie.

Navigation

[0] Message Index

[#] Next page

[*] Previous page