Need to Upgrade Payflow Pro Gateway with Classic ASP to TLS 1.2

MarkGONU
Contributor
Contributor
Posted on
‎Jun-20-2017 04:54 PM

I have a website that may quit working on June 30 when PayPal upgrades their production servers at  payflowpro.paypal.com  to match the settings on the test servers at  pilot-payflowpro.paypal.com .  This, of course, has me quite concerned, as our e-commerce would screech to a halt.

 

My website is implemented in classic ASP.  When a transaction is to be submitted to PayPal, it uses a call to the PayPal SDK which is installed as an object in Windows (currently running on a Windows Server 2012 machine).  This is probably an old version of the SDK.  I'm not sure how to check its version number, but it may be 4.3.3 .  I can't tell for sure if PayPal still supports an SDK for Classic ASP.

 

As I've looked at the TLS 1.2 upgrade microsite that PayPal has set up, I find that it simply gives an overview and some pointers, but after a few clicks I am just going in circles getting nowhere.

 

Any help would be appreciated.

Login to Me Too
0 Kudos
Login to Reply or Kudo
4 REPLIES 4

Jalzate
New Community Member
‎Jul-06-2017 01:42 PM

Did you get your problem fixed?

On a Windows 2012 server, what you need to do is to disable TLS 1.0 and TLS 1.1.

 

Servers older than 2008 R2 do not support TLS 1.2

Login to Me Too
0 Kudos
Login to Reply or Kudo

AOTAInc
Contributor
Contributor
‎Jul-18-2017 08:59 AM

We're facing a similar problem. Legacy COM objects using the 4.3.3 .NET SDK, but even though the server has TLS 1.0 disabled, we're seeing a "The client and server cannot communicate, because they do not possess a common algorithm" error when trying the sample ASP pages included in the SDK zip file. Given that this SDK was compile against pre-NET 4.0, I don't see how they'd work with TLS 1.2. We've also tried disabling TLS 1.1 but the error continues. I opened a ticket with Payflow support to see if we get any guidance. As the OP stated, any assistance would be appreciated.

Login to Me Too
0 Kudos
Login to Reply or Kudo

AOTAInc
Contributor
Contributor
‎Jul-18-2017 11:27 AM

Through additional research and testing, I believe we have solved this issue.

The solution was applying a registry key to the server so that legacy (.NET 3.5 and before) frameworks would adhere to the OS TLS defaults instead of those defined in the frameworks.

The ultimate solution came from this article:

https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in...

In our case the KB didn't need to be applied, but the registry settings were required.

 

We were lead to this article from this post:

http://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/

Specifically, the notes at the very bottom pointing to the KBs.

Login to Me Too
Login to Reply or Kudo

MarkGONU
Contributor
Contributor
‎Oct-13-2017 10:35 AM

Thanks for this answer.  Looks very nice!

 

I am almost done switching over to a Win2012 server, so I may not pursue this solution, but it is nice to finally know there is some way to use the classic ASP SDK and patch an older version of Windows Server to handle the new protocols.

 

Login to Me Too
0 Kudos
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.