We've been regularly receiving emails from Paypal with the subject line "Merchant security upgrade testing TLS 1.2 Impact" where in the body highlighted in red is the sentence "Our records indicate this Merchant Security Testing impacted you". Based on our testing etc, we believe we're ready for the full TLS 1.2 cutover and have after a first round of problems (which came around the time Paypal started doing the weekly smoke tests) we've resolved those issues. However we're still getting these emails so we're wondering if these emails show we still have an issue (and if so, can we get some details re: the issue) or if they were generated because we used to have an issue and it hasn't been checked by Paypal since. If it's the later, is there any way to turn that particular email notification off? Our Finance director is understandably nervous every time he gets this email.

I'm in the same boat, and it's stressing me out so much.

hey both, Ive checked both you guys and you look set, doesn't seem to be any TLS connections less than 1.2, the notifications look to be related to historical data, also keep in mind that you can test the changes on the PayPal sandbox environment, which is already setup to only allow TLS1.2, so if your integration works on sandbox, it will work on live 🙂

Hi MTS_Ciaran,

I'm not signed on with the account in question. Is there any way I can PM you to check out the account in question, please?

Regards,
Craig

This is the account by-the-way (Monters)

---

@Monters wrote:

Hi MTS_Ciaran,

 

I'm not signed on with the account in question. Is there any way I can PM you to check out the account in question, please?

 

Regards,
Craig

---

On that account, the notification is related to IPN traffic, small amount actually and was last seen on TLS1 on June 13th, so it looks like youre good to go. The older data point is what is driving the notifications. 

I'm in the same boat.

I believe I updated fully to TLS 1.2 yesterday prior to 2pm Pacific, and it works okay at www.sandbox.paypal.com...

However got a threatening email from PayPal this morning, telling me my payments will no longer be processed:

"Our records show that your PayPal integration uses an older encryption protocol. You must take the following actions immediately to upgrade your PayPal integration(s) to the TLS 1.2 cryptographic protocol by June 27, 2018. "

I put another sandbox transaction through the at 9:24am PST today (6/27/18), please can you confirm everything is okay your end.

For the next time you upgrade your systems, I recommend providing a report to your users indicating where the problem is (a log of the transaction process).

Hey Jet3. So I've had two separate PayPal employees confirm that I'm ok today. Apparently, they've been very conservative with their warnings. So if you weren't compliant within the last 14 days, then you'll continue to receive warnings even if you're good now. I know this comment doesn't confirm that you're okay, but hopefully it provides some peace of mind.

FYI: I got confirmation on this Post this afternoon and this morning when I rang PayPal and explained my situation. It might be worth logging into your PayPal Account and contacting Customer Support direct to get a more immediate answer.

Paypal is telling me to upgrade my security protocols to TLS 1.2 I have no idea what that is and how to upgrade it. What do I need to do