Jump to content
Latest News: (loading..)
eaglik

Cannot make TLS 1.2 work

Recommended Posts

Hello

Looking for some wisdom if anybody is able to help

I am running OSC V2.3.4

I received email from paypal saying TLS 1.2 is not setup / working properly and action is needed.

Webhosting company assures me that their servers support TLS 1.2

Report is here https://www.ssllabs.com/ssltest/analyze.html?d=kauto.co.uk  ( I do not understand it all by any means but it looks to me as if it is supported )

using the test connection button in the latest paypal add on I get

cURL Version: 7.53.0
cURL SSL Version: OpenSSL/1.0.2k

Default Setting: Failed
TLS v1.2: Failed

A connection to PayPal could not be made using TLS v1.2. Please consult with your hosting provider to upgrade the cURL version that is installed with your PHP web server to support TLS v1.2 connections.

Hosting company assures me they support and their other customers do not have problems with this.

Paypal just seem to ignore any messages from me asking for pointers of what to do next

 

Anybody got any clues or wisdom to pass on what else I can do to make this work or why it may be failing.

I am not a programmer but can generally find my way around the OSC files and make edits etc if somebody can tell me what to do

 

Any help will be greatly appreciated


Thanks

Kevin Eagling

KEE Automotive Ltd

Share this post


Link to post
Share on other sites

When you go to Admin / Tools / Server Info

what php version does it report?


For a new install or if your store isn't mobile-friendly, get the community-supported responsive osCommerce here: https://github.com/gburton/osCommerce-234-bootstrap/archive/master.zip

 

For Github users: Bootstrap addons - one per branch - https://github.com/BrockleyJohn/Responsive-osCommerce/wiki/Overview-of-Branches

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Share this post


Link to post
Share on other sites

Copied and pasted 2 minutes ago

 

Server Information

pixel_trans.gif
Server Host: www.kauto.co.uk (77.104.180.146)      Database Host: localhost (127.0.0.1)
Server OS: Linux 3.12.18-clouder0      Database: MySQL 5.6.36-82.1-log
Server Date: 2018-04-16 11:42:09 +0100 BST      Database Date: 2018-04-16 11:42:09
Server Up Time:  
pixel_trans.gif
HTTP Server: Apache
PHP Version: 5.6.35 (Zend: 2.6.0)

Thanks

Kevin Eagling

KEE Automotive Ltd

Share this post


Link to post
Share on other sites

For a new install or if your store isn't mobile-friendly, get the community-supported responsive osCommerce here: https://github.com/gburton/osCommerce-234-bootstrap/archive/master.zip

 

For Github users: Bootstrap addons - one per branch - https://github.com/BrockleyJohn/Responsive-osCommerce/wiki/Overview-of-Branches

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Share this post


Link to post
Share on other sites

You should test your site using ssl labs. The result should be at least an A and under configuration only TLS 1.2 should be enabled.

Share this post


Link to post
Share on other sites

it is reporting as being " A " result, so I guess that is OK


Thanks

Kevin Eagling

KEE Automotive Ltd

Share this post


Link to post
Share on other sites

Sorry I am probably being very stupid here

 

On the weblink it refers to a new paypal certificate and shows all kinds of key strings for the certificate

How do I install this ?

When I view the original certificate ( paypal.com.crt ) on my PC it just shows as being a certificate rather than a file with all the cert details and keys in it.

Is this something I have to install or just copy/paste somewhere


Thanks

Kevin Eagling

KEE Automotive Ltd

Share this post


Link to post
Share on other sites
1 hour ago, eaglik said:

it is reporting as being " A " result, so I guess that is OK

The important part is what it shows for TLS. Is TLS 1.2 the only one enabled? If not, ask your host to remove the others. They have to by June anyway so they shouldn't complain about it.

Share this post


Link to post
Share on other sites
1 hour ago, eaglik said:

Sorry I am probably being very stupid here

 

On the weblink it refers to a new paypal certificate and shows all kinds of key strings for the certificate

How do I install this ?

When I view the original certificate ( paypal.com.crt ) on my PC it just shows as being a certificate rather than a file with all the cert details and keys in it.

Is this something I have to install or just copy/paste somewhere

They're saying they just overwrote the one in ext/modules/payment/paypal with the attached

paypal.com.crt


For a new install or if your store isn't mobile-friendly, get the community-supported responsive osCommerce here: https://github.com/gburton/osCommerce-234-bootstrap/archive/master.zip

 

For Github users: Bootstrap addons - one per branch - https://github.com/BrockleyJohn/Responsive-osCommerce/wiki/Overview-of-Branches

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Share this post


Link to post
Share on other sites

The certificate in ext/modules/payment/paypal needs to be updated.  It's missing the two on the bottom at this link.

https://raw.githubusercontent.com/paypal/TLS-update/master/php/cacert.pem

I've been running paypal for a while and I was able to process orders but it was showing failed on the test.  Once updated, it shows success.  In the past, I had successful tests.


I'm not really a dog.

Share this post


Link to post
Share on other sites
6 minutes ago, John W said:

The certificate in ext/modules/payment/paypal needs to be updated.  It's missing the two on the bottom at this link.

https://raw.githubusercontent.com/paypal/TLS-update/master/php/cacert.pem

I've been running paypal for a while and I was able to process orders but it was showing failed on the test.  Once updated, it shows success.  In the past, I had successful tests.

The one I posted has this done for you, just copy it into the folder...


For a new install or if your store isn't mobile-friendly, get the community-supported responsive osCommerce here: https://github.com/gburton/osCommerce-234-bootstrap/archive/master.zip

 

For Github users: Bootstrap addons - one per branch - https://github.com/BrockleyJohn/Responsive-osCommerce/wiki/Overview-of-Branches

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Share this post


Link to post
Share on other sites

John

That link for the new certificate simply over writing the old one in OSC worked a treat.

I now get 2 green results in the paypal test feature so hopefully this will keep them happy.

Thankyou so much for all your help

Thanks also go to Jack and John W


Thanks

Kevin Eagling

KEE Automotive Ltd

Share this post


Link to post
Share on other sites

great stuff!


For a new install or if your store isn't mobile-friendly, get the community-supported responsive osCommerce here: https://github.com/gburton/osCommerce-234-bootstrap/archive/master.zip

 

For Github users: Bootstrap addons - one per branch - https://github.com/BrockleyJohn/Responsive-osCommerce/wiki/Overview-of-Branches

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×