close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Another message from PayPal in regards to TLS 1.2

Thread begun 3/16/2018 10:35 am by TroyD | Last modified 7/12/2018 8:59 am by Ray Borduin | 5717 views | 23 replies |

TroyD

Another message from PayPal in regards to TLS 1.2

My clients are receiving messages from PayPal about another upgrade they are making. I have searched and studied this but I can not figure out if I need to change anything in my eCart setups that use PayPal Advanced.

Here is part of their message...

"Our records indicate your current PayPal integration is utilizing a version that is less than TLS 1.2. With the deadline for this security upgrade currently set at June 30, 2018, you will need to act immediately to upgrade your PayPal integration(s) to utilize TLS 1.2 cryptographic protocol PRIOR to this date.

Failure to upgrade your integration by June 30, 2018 will lead to an inability to connect to PayPal for processing customer transactions. For further information on the TLS 1.2 upgrade, please bookmark the TLS 1.2 Upgrade Microsite page and visit frequently to ensure you are armed with the most current information..."


The link they provided is https://www.paypal-notice.com/en/TLS-1.2-and-HTTP1.1-Upgrade/

Is there something I need to change in my WA eCart files?

These sites are using the PayPal Advanced setup where the user doesn't leave the site when making a payment with a credit card. The sites do have an SSL installed and when viewing the certificate's details through the browser, it says they are using TLS 1.2. So I thought maybe it might be something in the WA code that I need to update. Some of these sites where setup a couple years ago.

Thanks for any help you can provide me.

TroyD

Sign in to reply to this post

Ray BorduinWebAssist

Do a site-wide search of your code for this:

CURLOPT_SSLVERSION

if you find that on any line of code, delete that line. By default it will use the latest version of TLS, but a line with that may specify an earlier version can could be causing the issue. By simply deleting the line(s) it should automatically use the latest and greatest available.

Sign in to reply to this post
Did this help? Tips are appreciated...

TroyD

Thanks Ray,

No, I don't find CURLOPT_SSLVERSION in any of the WA files on the sites using PP Advanced. The closest is in the CallHTTP() function in the PP_PayAdv_PHP.php file, so I'm assuming it's not that.

I will see if I can get more information from them and report back.

Thanks,
TroyD

Sign in to reply to this post

Ray BorduinWebAssist

Add this code to a page:

<?php
$ch = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
$data = curl_exec($ch);
curl_close($ch);
die($data);
$json = json_decode($data);
echo $json->tls_version;
?>

it should tell you if your website is configured for TLS 1.2 properly.

Sign in to reply to this post
Did this help? Tips are appreciated...

TroyD

Thanks again Ray,

I ran the code on a page in the site and posted the response in the PM area.
The end of the response is a little concerning but then again, I don't really know what it all means.

Thoughts?

Thanks
TroyD

Sign in to reply to this post

Ray BorduinWebAssist

Test paypal again. I think that should work now.

Sign in to reply to this post
Did this help? Tips are appreciated...

TroyD

Thanks again Ray. I will do that and see what they say. I appreciate the help here.

TroyD

Sign in to reply to this post

TroyD

This issue continues...Help :)

Ray,

I have been dealing with PayPal for months and I still can't get any useful help from them. When I talk to them, they tell me that 2 particular sites don't pass their tests. And when I ask why, they say "it doesn't say why it doesn't pass, just that is doesn't".

This week my client received letters in the mail which I will attach an image of here rather than trying to retype it.

These two sites are setup completely differently. One is a PayPal Advanced shopping cart with the endpoint being a PayPal Pro account. The other has one simple "Buy Now" button with the standard PayPal endpoint. And that one button is within a secure login so the only way PayPal could test that one is by the request of a payment and not by looking at the page the button is on.

Both sites have Comodo Essential SSLs and have passed all tests I know to run including the test code you provide above as well as the one you provided in the other thread http://www.webassist.com/forums/posts.php?id=41111 That test pops up "TLS 1.2" when I view the page. I also setup a sandbox for the "Buy Now" button site and I get a "Success" message from PayPal when I complete the transaction.

The one thing I have not yet tried, is mentioned in the letter under number 3 in the list of actions to take. I have not figured out how to do that. Going to tlstest.paypal.com only tells me that my browser is ok. I'm not sure how to test my actual server or these two websites.

I don't know what to try next. I am really concerned that other clients might have received these letters too and just haven't told anyone.

Can you take a look at this letter and tell me if you see anything?

Thanks so much,
TroyD

Sign in to reply to this post

Ray BorduinWebAssist

Do a full search on your site files for the text: CURLOPT_SSLVERSION

Let me know if you find it anywhere and where you find it if you do.

Sign in to reply to this post
Did this help? Tips are appreciated...

TroyD

Thanks Ray,

I think thats the first thing you had me do up top here but i will check both sites again to be sure. Maybe i missed somethimg. Im out of my office at the moment but when i get back that will be the first thing i do. Thanks for the help.

TroyD

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...