Hello, when POODLE stuff was published here, I translated the official message here and published it in our forum (Zen Cart Italy) and made the fix for some site I manage.
A couple of weeks ago, Paypal (Italy) sent out a communication about POODLE. I got one of these, from the account manager of Paypal for that site. I pointed out 'our' solution was already in place and asked why tey were contacting us (saying that we were using SSL3). Tha account replied saying he asked to their tech and they suggested not to let php negotiate the protocol but to force using TLS.
I asked if this was official position of Paypal since it seemed to me that they previously 'accepted' to let php negotiate for the protocol to be a correct solution aswell.
No more answer, then, yesterday, I got in touch with another account (the first one is on vacation or whatelse) who pointed me to DrByte post here. There has been no way to have an answer why the former account manager told me that our official solution was not enough reliable.
So now, I'd just like to know if there are any side effects not to let php negotiate the protocol but to force the use of TLS.
Thank you
Bookmarks