POODLE vulnerability on PayPal's email servers
KeithMac
Contributor
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on
Apr-27-2015
03:09 AM
The latest Payment Card Industry regulations require that SSLv2/3 be disabled in favour of TLSv1 on servers which accept credit card payments. However, having made that change, we can no longer receive emails from PayPal, because they only encrypt with SSLv2/3 (eg. SMTP server 173.0.84.228). Given that the POODLE vulnerability was revealed 6 months ago, it's disturbing that PayPal still haven't protected their servers from it. Do they have any plans to do so?
0 REPLIES 0
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.