Error 0x1408F10B: “SSL3_GET_RECORD:wrong version number” with PayPal SDK

Question

Looks like PayPal might have updated its systems in light of the POODLE attack, causing sites using the PHP PayPal SDK to break.

I get the error:

Answer 1

UPDATE: As Jaffer noted, PayPal's GitHub repository has already merged the changes below, so you might just update your SDK.

At least this seems to work for now, though I will have to investigate what protocol it will actually use.

\PayPal\Core\PPHttpConfig::$DEFAULT_CURL_OPTS[CURLOPT_SSLVERSION] = 1;
// 0 = default protocol (likely TLSv1), 1 = TLSv1; unsafe: 2 = SSLv2, 3 = SSLv3

For other people using cURL directly, just use

curl_setopt($handle, CURLOPT_SSLVERSION, 1);

UPDATE:
Just looked up the source to cURL, these are the values (// comments mine):

enum {  
    CURL_SSLVERSION_DEFAULT, // 0
    CURL_SSLVERSION_TLSv1,   // 1
    CURL_SSLVERSION_SSLv2,   // 2
    CURL_SSLVERSION_SSLv3,   // 3

    CURL_SSLVERSION_LAST /* never use, keep last */  // 4
};

So to summarize, yes, 1 is TLSv1 and judging from the comment, is probably better than 4.
Updated code above.