Skip to content
This repository has been archived by the owner on Nov 18, 2024. It is now read-only.

Releases: paypal/permissions-sdk-php

TLSv1.2 Update

09 Dec 19:26
@jaypatel512 jaypatel512
v3.9.1
9f5ac1d
Compare
Choose a tag to compare
TLSv1.2 Update Latest
Latest
  • Enabled samples to verify it TLSv1.2 is supported
  • Replace mode in configurations from sandbox to tls to verify
Assets 2
Loading

SDK Core Dependency

22 Sep 18:20
@jaypatel512 jaypatel512
v3.9.0
a440072
Compare
Choose a tag to compare
SDK Core Dependency 
v3.9.0

SDK Core Dependency
Assets 2
Loading

Poodle Fix - PHP 5.3 or higher (Recommended)

11 Nov 19:52
@jaypatel512 jaypatel512
v3.8.107
9d6d928
Compare
Choose a tag to compare
Poodle Fix - PHP 5.3 or higher (Recommended)

POODLE Update

  • Because of the Poodle vulnerability, PayPal has disabled SSLv3.
  • To enable TLS encryption, the changes were made to PPHttpConfig.php in SDK Core to use a cipher list specific to TLS encryption.
    /**
     * Some default options for curl
     * These are typically overridden by PPConnectionManager
     */
    public static $DEFAULT_CURL_OPTS = array(
        CURLOPT_SSLVERSION => 1,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_TIMEOUT        => 60,   // maximum number of seconds to allow cURL functions to execute
        CURLOPT_USERAGENT      => 'PayPal-PHP-SDK',
        CURLOPT_HTTPHEADER     => array(),
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSL_VERIFYPEER => 1,
        CURLOPT_SSL_CIPHER_LIST => 'TLSv1',
    );
  • There are two primary changes done to curl options:
    • CURLOPT_SSLVERSION is set to 1 . See here for more information
    • CURLOPT_SSL_CIPHER_LIST was set to TLSv1, See here for more information

All these changes are included in the recent release, along with many other bug fixes. We highly encourage you to update your versions, by either using composer or running this command shown below:

curl -k -L https://raw.githubusercontent.com/paypal/permissions-sdk-php/stable-php5.3/samples/install.php | php
        OR
wget  https://raw.githubusercontent.com/paypal/permissions-sdk-php/stable-php5.3/samples/install.php
php install.php
Assets 2
Loading

Poodle Fix - PHP 5.2 compatible

11 Nov 19:52
@jaypatel512 jaypatel512
v2.6.107
17b2dcc
Compare
Choose a tag to compare
Poodle Fix - PHP 5.2 compatible

POODLE Update

  • Because of the Poodle vulnerability, PayPal has disabled SSLv3.
  • To enable TLS encryption, the changes were made to PPHttpConfig.php in SDK Core to use a cipher list specific to TLS encryption.
    /**
     * Some default options for curl
     * These are typically overridden by PPConnectionManager
     */
    public static $DEFAULT_CURL_OPTS = array(
        CURLOPT_SSLVERSION => 1,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_TIMEOUT        => 60,   // maximum number of seconds to allow cURL functions to execute
        CURLOPT_USERAGENT      => 'PayPal-PHP-SDK',
        CURLOPT_HTTPHEADER     => array(),
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSL_VERIFYPEER => 1,
        CURLOPT_SSL_CIPHER_LIST => 'TLSv1',
    );
  • There are two primary changes done to curl options:
    • CURLOPT_SSLVERSION is set to 1 . See here for more information
    • CURLOPT_SSL_CIPHER_LIST was set to TLSv1, See here for more information

All these changes are included in the recent release, along with many other bug fixes. We highly encourage you to update your versions, by either using composer or running this command shown below:

curl -k -L https://raw.githubusercontent.com/paypal/permissions-sdk-php/stable/samples/install.php | php
        OR
wget  https://raw.githubusercontent.com/paypal/permissions-sdk-php/stable/samples/install.php
php install.php
Assets 2
Loading