Is SHA-256 Supported?

  • Resolved Toshi Yoshida

    (@mikeg9999)


    9 years, 2 months ago

    Does the WPEC plugin support the upcoming PayPal change to SHA-256?

    If so, from what version?

    We have two sites on WPEC 3.9.4 but one is way back on 3.8.8.5 (which we are expecting to update in the next week or so).

    I’ve received the following email from PayPal.

    As we have previously communicated to you, PayPal is upgrading the certificate for https://www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

    This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

    You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
    Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

    Testing in the Sandbox is one of the best ways to make sure your integrations work. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

    Full technical details can be found in our Merchant Security Syst em Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

    Thanks for your patience as we continue to improve our services.“

    https://www.ads-software.com/plugins/wp-e-commerce/

Viewing 10 replies - 1 through 10 (of 10 total)

  • Same question…

    Thread Starter Toshi Yoshida

    (@mikeg9999)

    I see on the WooCommerce support forum they advise the SHA-256 change applies to the server/hosting rather than the shopping cart.

    My web host has advised they use the new SHA-256 Secure Hash Algorithm so I can safely disregard the PayPal email.

    It would be good if one of the WPEC devs/support could confirm this to be the case as the PayPal email seems to say it’s the cart side of things eg ‘consult with your individuals responsible for your PayPal integration‘.

    Thanks toshi – I’ve asked my host to confirm

    I’d be keen to get some confirmation of this from the plugin authors too.

    Likewise. What is the oldest version of WPEC that is able to accept SHA-256 communications?

    As far as I’m aware the position is the same as for WooCommerce.

    That is – to work successfully with the new PayPal IPN service your *server* must have the relevant SSL stack / certs set up to validate PayPal’s certificate.

    The PayPal sandbox has already been upgraded to SHA-256 – so if you can process a sandbox payment *and* receive the IPN then you’re all good. If not – you’ll need to speak to your host.

    Edward

    (@edwardinstinct)

    Official post about it here https://wpecommerce.org/news/wp-ecommerce-and-the-latest-paypal-sha-256-announcement/

    Edward – thank you very much. One item of clarification, if you don’t mind. I’m running an older version of WPEC on one site. As long as the server itself is compatible, I’ll be OK? Or is there a minimum version number of your software that is required?

    Plugin Author Justin Sainton

    (@justinsainton)

    Hi matt6303,

    As always, we recommend running the latest version of WP eCommerce. PayPal is updating their servers to require SHA256 for the same reason we make that recommendation – it’s the most secure thing you can do for your eCommerce store.

    That being said – there is no minimum version of WP eCommerce that should work with SHA256. If you need to leave a store on an old version – that should work just fine.

    Justin – I appreciate the clarification.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Is SHA-256 Supported?’ is closed to new replies.