  #21  
10-18-2014, 11:57 AM
cflsystems (Veteran)
Join Date: Apr 2007
Posts: 14,190

Re: POODLE vulnerability in SSLv3

XC uses SSL 3 in these files as well

func.https_X.php

where X is libcurl, curl, openssl, ssleay

It is OFF by default, but other code in XC may set it to true when used. The solution will be to find the line in the file that sets the option for SSL3 and comment it out, for example in

func.https_libcurl.php there is this

PHP Code:
if ($use_ssl3)
    curl_setopt ($ch, CURLOPT_SSLVERSION, 3);

so just comment it out

PHP Code:
//   if ($use_ssl3)
       // curl_setopt ($ch, CURLOPT_SSLVERSION, 3); 

This is untested so make sure you do some test orders if changing it

QT can we get clarification on this and a patch for XC if possible
__________________
Steve Stoyanov
CFLSystems.com
Web Development
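A check for the edit described in the post above, as an added example that is not part of the original post or of XC's code: it scans PHP files for live lines that set CURLOPT_SSLVERSION to 3, and for a brace-less `if ($use_ssl3)` left active above a commented-out statement (which would then guard the next live statement). The function names `audit_ssl3` and `demo` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not XC code): report lines that still force SSLv3 in cURL.
# Only line comments (// and #) are recognised; /* ... */ blocks are not.
audit_ssl3() {
    awk '
    function report(line, msg) {
        printf "%s:%d: %s\n", FILENAME, line, msg
        found = 1
    }
    FNR == 1   { pending = 0 }            # reset state for each file
    /^[ \t]*$/ { next }                   # a blank line does not end an if
    {
        commented = ($0 ~ /^[ \t]*(\/\/|#)/)
        # A brace-less if whose statement was commented out now guards
        # the next live statement instead.
        if (pending && commented)
            report(pending, "if ($use_ssl3) left active above a commented-out statement")
        pending = 0
        if (commented) next
        if ($0 ~ /CURLOPT_SSLVERSION[ \t]*,[ \t]*(3|CURL_SSLVERSION_SSLv3)[ \t]*\)/)
            report(FNR, "active SSLv3 setting")
        if ($0 ~ /^[ \t]*if[ \t]*\([ \t]*\$use_ssl3[ \t]*\)[ \t]*$/)
            pending = FNR
    }
    END { exit found + 0 }                # status 1 when anything was reported
    ' "$@"
}

# Constructed sample files (not XC's real sources) mirroring the post's snippets:
# the original code, the fully commented-out fix, and a half-applied fix.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'if ($use_ssl3)' '' \
        '    curl_setopt ($ch, CURLOPT_SSLVERSION, 3);' > "$d/active.php"
    printf '%s\n' '//   if ($use_ssl3)' \
        '       // curl_setopt ($ch, CURLOPT_SSLVERSION, 3);' > "$d/fixed.php"
    printf '%s\n' 'if ($use_ssl3)' \
        '    // curl_setopt ($ch, CURLOPT_SSLVERSION, 3);' \
        'curl_setopt ($ch, CURLOPT_TIMEOUT, 30);' > "$d/dangling.php"
    ( cd "$d" && audit_ssl3 active.php fixed.php dangling.php ) && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run it as `audit_ssl3 func.https_*.php` from the directory that holds those files; exit status 1 means at least one finding.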