Question Re: POODLE SSL Vulnerability vs if I have no SSL certificate on my store

[vandiermen]

Hello,
Regarding: http://www.zen-cart.com/showthread.p...yment-security
Question: Do I need to update if my website does not have SSL installed?

Also,
I tested one of my websites that has SSL and I was directed to the paypal website fine, no problem.
Question: Do I need to do the update anyway?
Also, could there be a problem with sending the payment receipt back to my website after purchase, that I am not seeing because I did not place an order.

[DrByte]

Yes, you should apply the change anyway.
The SSL used to broker the payment transaction takes place at a different level in your server and is not related to whether you bought an SSL certificate for your store or not.

[vandiermen]

probably I am not using SSL version 3 because checkout seems fine? and if I am not using version 3 I do not need to update?
I will check other websites to make sure checkout is going to paypay and that should tell me if I need to update?

[vandiermen]

p.s.
I just got your message and will update anyway.

[vandiermen]

Also I read

Sigh. It appears as though PayPal may have (temporarily) recanted their earlier aggressive block of all SSL3 connectivity to their live site, as connections are once again working fine (at this moment) using the original CURLOPT_SSLVERSION => 3 setting.

But they have stated that they will remove SSLv3 entirely very soon:
https://www.paypal-community.com/t5/...LE/ba-p/891829