stackoom
  简体   繁体   中英

PayPal IPN stopped working with Tomcat/Open SSL after POODLE update

 原文  2015-02-20 00:44:46       java/ tomcat/ paypal/ openssl/ paypal-ipn

Question

The PayPal IPN messages stopped coming through after PayPal made a change to cater for the POODLE vulnerability ( link ).

We are running Java 1.6 and Tomcat 6.

1 answers

solution1
 1  2015-02-20 00:44:46

PayPal investigated the problem, and here is the response:

The issue could be related to the web server your using (Tomcat) and the implementation of ciphers in Open SSL 1.0.

When testing your IPN URL using CURL, we are receiving the following error "error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error"

This appears to be an issue with Open SSL 1.0 and Tomcat, as outlined in the following article - http://georgik.sinusgear.com/2012/02/19/tomcat-7-and-curl-ssl23_get_server_hellotlsv1-alert-internal-error/

So we modified our tomcat server.xml to have the following: 

ciphers="SSL_RSA_WITH_RC4_128_SHA"

And the PayPal IPNs started working again.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question tomcat 8 stopped working after ubuntu update PayPal IPN and Simulator - Is SSL Required Which SSL Ciphers Should I Remove in Tomcat for the Poodle (SSL3) Vulnerability SSL not working for Tomcat 8 after 2 days web stopped working but Tomcat still running. Restart of Tomcat fixes issue Securing a Thrift server aginst the POODLE SSL vulnerability AppEngine API client-authentification stopped working after update Java applet stopped working after update to JRE 7u21 Apache & TomCat & SSL - App Not Working Open Declaration stopped working in Eclipse
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM