Update PHP cURL request from SSLv3 to TLS..?

Question

Because of the recent vulnerability discovered in SSLv3, many web service providers (ie. PayPal, Facebook, Google) are disabling that and wanting us to use TLS instead. I\'

Answer 1

A better solution until Paypal updates its core SDK would be to override the CURLOPT_SSL_CIPHER_LIST directly in your application. This way you don't have to interfere with the sdk-core-php package directly and you will be free to upgrade it in future.

You could add something like the following to your app's bootstrap or payment processing logic:

PPHttpConfig::$DEFAULT_CURL_OPTS[CURLOPT_SSL_CIPHER_LIST] = 'TLSv1';

Just make sure you comment it thoroughly and remember to take it out later when the issue has been patched in the core.