Jump to content



HowardR

Member Since 22 Mar 2013
OFFLINE Last Active Apr 12 2017 14:40
-----

Posts I've Made

In Topic: New Payflow requirement: TLS 1.2 & HTTP/1.1

12 April 2017 - 14:42

Now PayPal says that we have until the end of June before the change goes into affect.


In Topic: New Payflow requirement: TLS 1.2 & HTTP/1.1

09 April 2017 - 13:32

Actually, the deadline is the *end* of May, not the beginning. Also, the June 9, 2014, add-on has the PayFlow modules while the March 17, 2017 version has other PayPal payment modules as well as some admin improvements that work with the PayFlow modules.


In Topic: Will older versions of PayFlow Direct Payments continue to work after May 31?

06 April 2017 - 12:44

Thank you for the reply. The PayPal App is Version 3.1. My question was about pre 3.1 versions that didn't pass the credit card information to PayPal.


In Topic: How I upgraded my database from 2.3.3 to 2.3.4

03 April 2017 - 10:46

Correction:

 

After upgrading to php 5.6, I still had the same error. After adding to my cart (as a customer) I would still get the message "Your Shopping Cart is empty!" I had made a mistake with one file (catalog/includes/classes/ shopping_cart.php) while installing Option Types V2 (Contribution 6818).


In Topic: New Payflow requirement: TLS 1.2 & HTTP/1.1

02 April 2017 - 14:35

I think I finally understand the TLS 1.2 issue.  This is a very serious issue. There are a lot of OSCommerce owners that will wake up to a nasty surprise on May 1. Those of you who are not new to this, please let me know if I am wrong in any of my statements below:

 

1. This only affects PayFlow, if you have PayPal Express Checkout also installed in your store, that should keep working. So you won't be able to accept Credit Cards, but you will be able to still accept PayPal payments.

 

2. PayPal threatened to require TLS 1.2 on May 1, 2016. but they relented. Now they say that they are going to require it on May 1, 2017. I think that they are going to follow through this time.

 

3. If you have an older PayPal PayFlow module installed, it will stop working on May 1. If you have version 3.1 of the PayFlow module installed on May 1, you are OK.

 

4. There are two versions of 3.1 on addons created by Harald Ponce de Leon. Both work. The best one is the newest:

 

 

5. These versions require TLS 1.2  (the latest security standard)  which does not run on OpenSSL 0.9.8, which just happens to be the version of Open SSL that is installed on most servers these days, due to security problems that were encountered with early versions of OpenSSL 1.0.1 and 1.0.2.  You can test which version of TLS 1.2 that you have by using the following php code in a simple php file on your system:

 

<?php function get_tls_version($sslversion = null)

{

$c = curl_init();

curl_setopt($c, CURLOPT_URL, "https://www.howsmyssl.com/a/check");

curl_setopt($c, CURLOPT_RETURNTRANSFER, true);

if ($sslversion !== null)

{

curl_setopt($c, CURLOPT_SSLVERSION, $sslversion);

}

$rbody = curl_exec($c);

if ($rbody === false)

{

$errno = curl_errno($c);

$msg = curl_error($c);

curl_close($c);

return "Error! errno = " . $errno . ", msg = " . $msg;

}

else

{

$r = json_decode($rbody);

curl_close($c);

return $r->tls_version;

}

}

echo "<pre>\n";

echo "OS: " . PHP_OS . "\n";

echo "uname: " . php_uname() . "\n"; echo "PHP version: " . phpversion() . "\n";

$curl_version = curl_version();

echo "curl version: " . $curl_version["version"] . "\n";

echo "SSL version: " . $curl_version["ssl_version"] . "\n"; echo "SSL version number: " . $curl_version["ssl_version_number"] . "\n"; echo "OPENSSL_VERSION_NUMBER: " . dechex(OPENSSL_VERSION_NUMBER) . "\n"; echo "TLS test (default): " . get_tls_version() . "\n"; echo "TLS test (TLS_v1): " . get_tls_version(1) . "\n"; echo "TLS test (TLS_v1_2): " . get_tls_version(6) . "\n"; echo "</pre>\n";

?>

 

So, if you have a store that uses PayFlow and you are using an older PayPal module, you could find yourself in deep doodoo on May 1. You better start making the transition today.