Is this plugin TLS 2.1 compliant
-
Hello – many of my clients are getting emails from PayPal warning them that they upgrading their API system and asking clients to make sure their ecommerce site is compliant. These emails refer to making sure your connection uses the correct end-points. Those end points are set in your plugins settings. So is this plugin compliant?
A portion of the Paypal email is below …
====================================Security and safety are top priorities for PayPal, but being a good partner to you is equally important. We have been communicating since early 2016 about our plans to strengthen the PayFlow integration as part of a broader infrastructure security initiative. We are now sharing more details with you.
PayFlow TLS 1.2 Endpoint Upgrade
PayFlow production endpoints are scheduled to be upgraded to TLS 1.2 starting after June 1, 2018. When that happens, we will no longer support TLS versions 1.0 and 1.1.
In preparation for this upgrade, you are able to test your integration in the PayFlow Pilot environment, which has required TLS1.2 since February 15, 2017. We strongly encourage you to adjust your configuration and test your integration prior to the PayFlow Production upgrade currently scheduled to begin after June 1, 2018.
For more information on the PayFlow TLS 1.2 upgrade, you can refer to our TLS 1.2 and HTTP/1.1 upgrade microsite.
PayFlow HTTP 1.1 Endpoint Upgrade
Along with requiring all connections be made using TLS1.2, we will also requiring HTTP/1.1 for all connections as well. To assist you in verifying the status of your integration, PayPal has created a new endpoint – https://tlstest.paypal.com – that will identify which of the security items you will need to address to connect with PayPal after June 2018.
For more information on the PayFlow HTTP 1.1 upgrade, you can refer to our TLS 1.2 and HTTP/1.1 upgrade microsite.
- The topic ‘Is this plugin TLS 2.1 compliant’ is closed to new replies.