Jump to content

Disabling SSL3 in Apache prevents Paypal IPN Callback


Recommended Posts

We've recently disabled SSL3 on our servers due to the poodle vulnerability by adding the following :


SSLProtocol All -SSLv2 -SSLv3

SSLHonorCipherOrder on


to : /usr/local/apache/conf/includes/pre_virtualhost_global.conf


Using WHMCS version : 5.3.10


Almost immediately Paypal is no longer able to send IPN data. There is no entry in the Gateway Log, it's like nothing is being received by WHMCS at all. When the changes are reverted the problem goes away.


I've also found other people having the same issue:





Link to comment
Share on other sites



There are two types of connections that need to be addressed here:


A) WHMCS -> paypal server

B) Paypal IPN -> WHMCS server


The stackoverflow link only discusses connections from your client to paypal's server (A). Changing your apache configuration only effects (B).


Our code handles (A), paypal's code handles (B). I checked our code after the POODLE issue was released and Paypal made this blog post:




Our code has libcurl auto negotiate the most secure protocol / cipher that the remote server can handle. Paypal removing support for SSLv3 on their API servers will not cause any trouble for our existing code base. If Paypal's IPN system can't connect to your server with your specific SSL configuration, that really is something you need to talk to Paypal about.


If you have spoken with Paypal's Merchant Services and they are not able to help you, we can try contacting them as well and see if we can get your issue escalated, but that really requires you having specific communication with Paypal already.


Because the behavior which is not what we want is happening in someone else's system we have no control over, I do not consider this a defect in the software.


Have a great day,


Nate C

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated