I have been upgrading one of my stores on a Centos 5 website from 2.3.3 to 2.3.4. It has been a slog. I've had to upgrade PHP, CURL and OpenSSL so that my website would be TLS 1.2 compliant. Along the way, I noticed a major change in the PayPal Payflow Payments modules, beginning with Version 3.0 which comes installed with OsCommerce 2.3.4:
- Older Versions. The PayFlow module (and the check-out window) gets a token from PayPal which it uses to set up a window into the PayPal website. Customers enter credit card numbers on PayPal's website, not on our website, using that window.
- Versions 3.0 and 3.1. Credit card numbers are collected on our website and passed to PayPal through a secure connection which will have to be TLS 1.2 compliant starting on June 1.
Will the earlier versions of the PayFlow Direct Payments module also have to be TLS 1.2 complaint after May 31? I have another store, on a different Centos 5 website, that I'm hoping will continue to work with PayFlow after May 31.