Is this plugin TLS 2.1 compliant

  • Resolved kingrobb

    (@kingrobb)


    6 years, 11 months ago

    Hello – many of my clients are getting emails from PayPal warning them that they upgrading their API system and asking clients to make sure their ecommerce site is compliant. These emails refer to making sure your connection uses the correct end-points. Those end points are set in your plugins settings. So is this plugin compliant?

    A portion of the Paypal email is below …
    ====================================

    Security and safety are top priorities for PayPal, but being a good partner to you is equally important. We have been communicating since early 2016 about our plans to strengthen the PayFlow integration as part of a broader infrastructure security initiative. We are now sharing more details with you.

    PayFlow TLS 1.2 Endpoint Upgrade

    PayFlow production endpoints are scheduled to be upgraded to TLS 1.2 starting after June 1, 2018. When that happens, we will no longer support TLS versions 1.0 and 1.1.

    In preparation for this upgrade, you are able to test your integration in the PayFlow Pilot environment, which has required TLS1.2 since February 15, 2017. We strongly encourage you to adjust your configuration and test your integration prior to the PayFlow Production upgrade currently scheduled to begin after June 1, 2018.

    For more information on the PayFlow TLS 1.2 upgrade, you can refer to our TLS 1.2 and HTTP/1.1 upgrade microsite.

    PayFlow HTTP 1.1 Endpoint Upgrade

    Along with requiring all connections be made using TLS1.2, we will also requiring HTTP/1.1 for all connections as well. To assist you in verifying the status of your integration, PayPal has created a new endpoint – https://tlstest.paypal.com – that will identify which of the security items you will need to address to connect with PayPal after June 2018.

    For more information on the PayFlow HTTP 1.1 upgrade, you can refer to our TLS 1.2 and HTTP/1.1 upgrade microsite.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor angelleye

    (@angelleye)

    Yes, our plugin is ready for this, but you need to make sure your server is ready for this as well. This depends on the PHP and cURL/OpenSSL versions you have running on your server. Please check WooCommerce -> Status in your admin panel, and you’ll see the versions for these things listed. Please let me know what the version you have is.

    Hello
    I’m also wondering about this. I’m trying to see about a server running Woocommerce with PayPal for WooCommerce that’s currently running the following.
    php 5.4.28
    cURL 7.24.0
    cURL SSL OpenSSL/1.0.0
    Could you tell me whether this will work in its current state?

    Thanks

    Plugin Contributor angelleye

    (@angelleye)

    @riordansl, You need to update your server. You need PHP 5.5.19+ and OpenSSL 1.0.1+. At this point it’s recommended to get updated to PHP 7.2.

    Of course, it’s always recommended that you backup your site files and database before doing any updates, and apply those updates to a staging copy of your site so you can test before updating your live site.

    I have the same issue. Strange as the source code shows the DIV, but not the code inside. Sometimes works, sometimes doesn’t. Some products work sometimes, and other times it’s other products. Random on and off.

    <div class=”angelleye_button_single single_add_to_cart_button disabled wc-variation-selection-needed” style=””></div>

    Plugin Contributor angelleyesupport

    (@angelleyesupport)

    @treeflips, Please check your other ticket for the same question.
    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is this plugin TLS 2.1 compliant’ is closed to new replies.