Jump to content
  • 0

Paypal needs to change to TLS 1.2. How?


fjcasadop

Question

Paypal will block all the payments made from any system using TLS1.0 instead of TLS1.2. This is the message:

 

Your configuration use version 1.0 to communicate with PayPal.From July, all payments will be blocked.Thank you to approach your hosting company to enable the TLS version 1.2

 

And my question is... how do I change that? Or is Prestahop who has to change it for PS Cloud?

 

Thank you

Link to comment
Share on other sites

31 answers to this question

Recommended Posts

  • 0

Well, not exactly...

 

First the paypal module needs to be updated so that it uses TLS v1.2.  Why are we assuming that the server running PS Cloud does not support this version of TLS?

 

Paypal will block all the payments made from any system using TLS1.0 instead of TLS1.2. This is the message:

 

Your configuration use version 1.0 to communicate with PayPal.From July, all payments will be blocked.Thank you to approach your hosting company to enable the TLS version 1.2

 

And my question is... how do I change that? Or is Prestahop who has to change it for PS Cloud?

 

Thank you

Seems to be an information of Paypal, reading the server configuration ?

Link to comment
Share on other sites

  • 0

I checked the cloud configuration. Prestashop cloud is currently using OpenSSL 0.9.8o from June 2010. But TSL 1.2 needs minimum OpenSSL 1.0.1c. This library is supported from Apache 2.4.1 or Nginx 1.0.6.

So the TSL 1.2 supports needs more than a switch, it presumably requires reconfigured cloud servers .

Link to comment
Share on other sites

  • 0

So it is both a Paypal module update (earlier versions used SSL and TLS v1), and possibly a server update.  The OP has not returned to confirm which version of openssl they are using.  It is very likely that TLS v1.2 is not supported by the server, but don't over look the fact that the Paypal module they are using likely needs an update as well

Link to comment
Share on other sites

  • 0

So it is both a Paypal module update (earlier versions used SSL and TLS v1), and possibly a server update.  The OP has not returned to confirm which version of openssl they are using.  It is very likely that TLS v1.2 is not supported by the server, but don't over look the fact that the Paypal module they are using likely needs an update as well

 

I contacted Prestashop through the support tab, as you suggested, and they confirmed that they are aware of this problem and working on it.

Link to comment
Share on other sites

  • 0

And if you are a UK seller forget it. As far as I can tell there will be no free paypal module for UK sellers any more. Even the rather pricey paid module they point you to is no good because it is for card payments only and does not allow customers to pay with their paypal account

Link to comment
Share on other sites

  • 0

I'm tring to install paypal on my site but it output the same:

"Your configuration use version 1.0 to communicate with PayPal.From July, all payments will be blocked.Thank you to approach your hosting company to enable the TLS version 1.2".

Siteground said that my server run 1.2 tls and they proved it. The paypal module is updated. So what is that issue?

Edited by Marco X (see edit history)
Link to comment
Share on other sites

  • 0
Thanks for the answers guys! 

I'm a bit worried because there are no official news from PrestaShop so I think it will be a long, long waiting. 

 

This problem has also a large impact on lots of prestashop customers, isn't it?

Link to comment
Share on other sites

  • 0

Today with PayPal [/size]

v3.10.8 - da PrestaShop:

 

No more red error message!

 

Presta_smile.png

 

I'm going to test it with some payments as soon as possible!

 

Congrats! :)

However, my cloud testshop configuration (btw. still not updated from 1.6.1.1 by service team) from today still reports:

OpenSSL support enabled

OpenSSL Library Version OpenSSL 0.9.8o 01 Jun 2010

OpenSSL Header Version OpenSSL 0.9.8o 01 Jun 2010

Link to comment
Share on other sites

  • 0

Any info on this?

Tls verification failed. TLS version is not compatible.

Paypal ver. 4.4.4

Prestashop ver. 1.7.5.1

php 7.1.28

We use a plesk server, also in phpinfo.php i found:

Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version OpenSSL 1.0.1e 11 Feb 2013
Openssl default config /etc/pki/tls/openssl.cnf
Link to comment
Share on other sites

  • 0
18 hours ago, espacious said:

Any info on this?

Tls verification failed. TLS version is not compatible.

Paypal ver. 4.4.4

Prestashop ver. 1.7.5.1

php 7.1.28

We use a plesk server, also in phpinfo.php i found:

Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version OpenSSL 1.0.1e 11 Feb 2013
Openssl default config /etc/pki/tls/openssl.cnf

 

Hello,

  • Open your server panel (Plesk),
  • Go to domain detail page,
  • Find and click the Apache & Nginx Settings,
    image.png.7ee32aaa2bdf33baa1e375de315130ee.png
     
  • Paste:
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    image.png.e3774a2e2d6330c51631349a04b31814.png
     
  • and Save it.
  • That's it.

 

Link to comment
Share on other sites

  • 0

Hmm. I was told i have to update curl.

now i have:

cURL Information 7.29.0

Should be at least 7.34.x as the paypal support team told me.

Also thanks for your "how to" but i think i already have TLS1.2 enabled, as you can see in the screenshot or am i wrong?

Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2

I'm pasting also the email i got from support team if it helps someone:

Quote

Thank you for contacting us, this problem does not come from our module. Following the recent update of the Paypal side, you must ensure that your store is always compatible after the new update. the details are in the following text:

 

PayPal performs security updates on its servers.

 

This security update consists of the following:

1 - Upgrading to TLS 1.2 and HTTP / 1.1: Your server must be able to support these protocols.

 

Note: you will need at least a version of OpenSSL greater than or equal to 1.0.1 and if you use cURL, a version greater than or equal to 7.34.0. 

 

Also verify that your server has Verisign G5 Root certificate: https://knowledge.symantec.com/support/mpki-for-ssl-support/index?page=content&actp=CROSSLINK&id=SO5624

 

2 - Upgrading the SSL Certificate: In order to decrypt the new certificates, your website must be able to support the use of the SHA-256 signature algorithm.

 

==> For the 2 points above, I invite you to contact your host to check if everything is in order.

 

3 - HTTPS Standard for IPN Post Back Checks

This does not mean that your site must be in HTTPS, it just means that when your IPN script sends its response to PayPal, it must use the correct security standards.

To make sure, I invite you to contact the developer of your IPN script to ensure that the connection is done correctly.

 

It is therefore important that you verify that for all API calls as well as for IPN postbacks, your site is able to support these new standards.

 

I invite you to contact your host to ensure that your server has all these prerequisites.

 

In addition, if you use a basket management system, such as Prestashop / WooCommerce / Magento, I invite you to update your modules to ensure compatibility.

 

ATTENTION: However, I want to inform you that you do not need to buy an SSL license for your server and that these prerequisites correspond to updates of your server, neither more nor less.

Indeed an SSL license allows to have a site certified in https but the security update PayPal just asks that your shop is able to communicate with the new PayPal server, which they will have new standards. And for that, it is not necessary to have a site in HTTPS.

 

Link to comment
Share on other sites

  • 0
35 minutes ago, espacious said:

Also thanks for your "how to" but i think i already have TLS1.2 enabled, as you can see in the screenshot or am i wrong?

Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2

I'm pasting also the email i got from support team if it helps someone:

 

But you also have ssl, sslv3, tls and tls1.0 enabled.  all of which should be disabled as they are no longer secure protocols.  also with them enabled, paypal may be defaulting to them

Link to comment
Share on other sites

  • 0
On 5/8/2019 at 10:52 AM, SahinSOLMAZ said:

 

Hello,

  • Open your server panel (Plesk),
  • Go to domain detail page,
  • Find and click the Apache & Nginx Settings,
    image.png.7ee32aaa2bdf33baa1e375de315130ee.png
     
  • Paste:
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    image.png.e3774a2e2d6330c51631349a04b31814.png
     
  • and Save it.
  • That's it.

 

SahinSOLMAZ seems working OK, Thanks to all!

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...