
Paypal changes TLS1.2

Posted: Wed Mar 21, 2018 2:24 am
by jmestep
A couple of our merchants have received this announcement from PayPal. Both sites are R12 SR1 and are set to use .NET 4.6 in the web.config file.
Is there something AC needs to change in the source code?
Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That is why one of our top priorities is to ensure both our customers and your customers have a safe, secure experience when transacting with PayPal. We are committed to providing the highest level of security to protect customer and transactional data and have been upgrading our systems to ensure we are processing on the latest and most secure protocols. One of those security protocol upgrades, in line with the Payment Card Industry (PCI) DSS mandate, is to the Transport Layer Security (TLS) cryptographic protocol, which requires TLS 1.2, no later than June 30, 2018.

Our records indicate your current PayPal integration is utilizing a version that is less than TLS 1.2. With the deadline for this security upgrade currently set at June 30, 2018, you will need to act immediately to upgrade your PayPal integration(s) to utilize TLS 1.2 cryptographic protocol PRIOR to this date.

Failure to upgrade your integration by June 30, 2018 will lead to an inability to connect to PayPal for processing customer transactions. For further information on the TLS 1.2 upgrade, please bookmark the TLS 1.2 Upgrade Microsite page and visit frequently to ensure you are armed with the most current information. You will also find information on the other merchant security upgrades on the 2017-2018 Merchant Security Microsite page.

Please note, over the next few months, PayPal will conduct several rounds of testing to emulate the upgraded security experience so merchants can understand the areas of their integration that still require security protocol upgrades. If you have already made the required upgrades as outlined on the 2017-2018 Merchant Security Microsite, your PayPal integrations will not be impacted. If you have not made the required upgrades, we encourage you to do so as soon as possible to avoid service interruption that may occur during our security upgrade testing activities. Dates for these tests and full deployment will be published on our Merchant Security Upgrade Testing page at least two weeks prior to implementation so please bookmark and return frequently for the most up to date information.

• Smoke test announcement, times, and endpoints found here: https://www.paypal-notice.com/en/Mercha ... e-Testing/

Re: Paypal changes TLS1.2

Posted: Wed Mar 21, 2018 2:39 am
by compunerdy
Was trying to figure this out as well. PayPal keeps sending me e-mails about it:

TLS 1.2 and HTTP/1.1 Upgrade – Complete by June 30, 2017
Update Needed: Yes

But everything I test says I am upgraded, so I am not sure. I tried this on my server and it said it passed.

https://tlstest.paypal.com/

Re: Paypal changes TLS1.2

Posted: Wed Mar 21, 2018 2:48 am
by jmestep
More info: one of the merchants has asked about this info:
https://www.paypal-notice.com/en/TLS-1. ... 1-Upgrade/

Re: Paypal changes TLS1.2

Posted: Wed Mar 21, 2018 6:15 am
by jguengerich
I'm guessing that would be covered by following these guidelines:
http://help.ablecommerce.com/index.htm# ... LS_1.2.htm
But, I don't use PayPal, so I can't say for sure.

Re: Paypal changes TLS1.2

Posted: Wed Mar 21, 2018 9:51 pm
by jmestep
Jay,
I'm assuming TLS1.2 is OK since it is OK for UPS and Authorize.net after making AC suggested changes. Merchants are still concerned since Paypal is sending out these notices. It would just be reassuring to get confirmation from AC.

Re: Paypal changes TLS1.2

Posted: Wed Mar 21, 2018 11:34 pm
by Katie
"Merchants are still concerned since Paypal is sending out these notices. It would just be reassuring to get confirmation from AC."
Honestly, it's hard for me to know why PayPal is sending out a notice to customers using Gold 12 SR1. I did some research last night and found AC8-3141: PayPal Security updates in effect on June 17th 2017.

http://help.ablecommerce.com/index.htm# ... atches.htm

Check out the above link. The original issue report was triggered by PayPal's TLS change to the sandbox environment. We decided at that time to upgrade the PayPal core DLLs, and so we supplied these patches via the page above. We also sent out notices through our technical news/support mailing list. This all happened around Sept. 2016.

All I know is that AbleCommerce doesn't force any specific TLS version. If it's working for UPS and Authorize.net, then I would also like to assume that it will work for Paypal. There is no reason it shouldn't, as long as the Paypal is up to date.

Thanks,
Katie

Re: Paypal changes TLS1.2

Posted: Tue Jun 19, 2018 1:47 am
by tomk
Hi – FYI I have been told by PayPal Tech Support that they will be testing the new security connections tomorrow 6/20/18 between 7:00 AM and 11:00 AM Pacific Time. Although we have been confirmed as being in compliance it will be nice to see some PayPal activity go through during that time period without any issues before the permanent conversion at the end of the month. If you do experience PayPal or PayFlow Pro issues during that time period then the TLS1.2 requirement would be something to check into.
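
For the "something to check into" step above, here is an added example (not posted by anyone in this thread, and not AbleCommerce or PayPal code) that probes which TLS versions the web server itself can negotiate outbound, using the test host linked earlier in the thread. The function name `Test-TlsVersion` is hypothetical, and the check covers the machine's OS and .NET stack, not the store's own configuration.

```powershell
# Added example: offer one TLS version at a time and report what gets negotiated.
# Run it on the web server that hosts the store.
function Test-TlsVersion {
    param(
        [string]$HostName = 'tlstest.paypal.com',   # test endpoint linked earlier in the thread
        [int]$Port = 443,
        [string[]]$Protocols = @('Tls', 'Tls11', 'Tls12')
    )
    foreach ($name in $Protocols) {
        $proto  = [System.Security.Authentication.SslProtocols]$name
        $result = [ordered]@{ Host = $HostName; Offered = $name; Negotiated = $null; Error = $null }
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $tcp.Connect($HostName, $Port)
            # leaveInnerStreamOpen = $false: disposing the SslStream also closes the socket stream
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
            try {
                # Offer exactly one protocol version; certificate validation stays at its default (on)
                $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)
                $result.Negotiated = $ssl.SslProtocol
            } finally {
                $ssl.Dispose()
            }
        } catch {
            # Handshake refused, protocol disabled locally, or the host is unreachable
            $result.Error = $_.Exception.GetBaseException().Message
        } finally {
            $tcp.Close()
        }
        [pscustomobject]$result
    }
}

Test-TlsVersion | Format-Table -AutoSize
```

A `Tls12` row showing `Negotiated = Tls12` means the server's operating system can complete a TLS 1.2 handshake with that host; an error on that row points at the machine or network rather than at the shopping-cart application.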