IPN Verification Postback to HTTPS

Our plugin is ready to go for this, so no worries there directly. You do need to make sure your web server is updated. As long as it isn’t running on 10+ year old software you’ll be good.

You can find more info about this here. Most importantly:

If you want to use TLS 1.2 you’ll need to upgrade to OpenSSL 1.0.1 as a minimum, and then you’ll be able to set CURLOPT_SSLVERSION to 6 (TLS 1.2).

If you want TLS 1.2 to be used automatically during SSL requests, you’ll also need to upgrade to PHP 5.5.19+ (this is the ideal solution but many projects are still on older PHP versions).

Let me know if you have any other questions or concerns about that.

OK, thanks. And yes our server is running OpenSSL 1.0.1 and can use TLS 1.2. Plus site is using PHP 7.0. Not sure why Paypal flagged the site with that issue though since we should be ok as the plugin is ready.

Oh, it was a specific message that said your site failed that test..?? They’ve been sending generic information about this to everybody lately, so I thought that’s what you were referring to.

Reading that again it seems that you simply need to update your IPN script to post back to PayPal using https:// instead of https://. If you’re using our PayPal IPN for WordPress plugin it would be handled for you, so I’m assuming you aren’t using that if you got that message. You just need to go into your IPN script, find where it posts the data back to PayPal for verification, and make sure it’s using https://

Yes, I believe it was a specific message as it said it passed the other 3 tests as Change required was indicated as No (Merchant API Certificate Credential Upgrade: No, TLS 1.2 and HTTP/1.1 Upgrade: No, Discontinue Use of GET Method of Classic NVP/SOAP: No). It says: If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible. And the only one that had a yes was IPN Verification Postback to HTTPS.
TO clarify, this is the plugin we are using: https://www.ads-software.com/plugins/paypal-for-woocommerce/. Specifically we are using the Paypal Express Checkout feature and have provided a Live API User Name, Live API Password, and Live API Signature. I do not see any IPN url settings here. Thoughts?
Thanks.

This PayPal for WooCommerce does not have IPN built into it. We built our separate PayPal IPN for WordPress plugin for that so that it wouldn’t be limited to just WooCommerce order updates. There is a heck of a lot more you can do with IPN, which is why we built the separate plugin for it.

So it sounds like you must have IPN configured in your PayPal account, but whatever URL that is pointing to is configured to post back properly. You need to check your PayPal account profile under IPN settings and see what URL you have setup for IPN.

What you are saying makes sense. We’ll look into that. Probably an old IPN url that stopped being used some time ago. Thanks.