Update 2013-09-10: Stripe are aware of the problem and upgrading some systems to fix it. I’ll update again when it is fixed.
This is just here in case someone else googles for it…
I recently tried to increase the security of my server, which I use Stripe on for payments. I followed the recommendations on my earlier blog post about Nginx and Perfect Forward Secrecy, along with some additions recommended by SSLLabs. One of those was to set the ssl_protocols to TLSv1 TLSv2 TLSv3 only, effectively turning off SSL. TLSv1 came out in 1999, so everything should support it (IE6 doesn’t, but who cares?).
Only problem: turning off SSLv3 broke Stripe webhooks. They do not support TLS.
I’ve tweeted at them, so hopefully they’ll see that and address this issue, either by fixing it or by documenting it. In the meantime you can just re-enable SSLv3 in the ssl_protocols line.