The latest Payment Card Industry regulations require that SSLv2/3 be disabled in favour of TLSv1 on servers which accept credit card payments. However, having made that change, we can no longer receive emails from PayPal, because they only encrypt with SSLv2/3 (eg. SMTP server 173.0.84.228). Given that the POODLE vulnerability was revealed 6 months ago, it's disturbing that PayPal still haven't protected their servers from it. Do they have any plans to do so?
