cancel
Showing results for 
Search instead for 
Did you mean: 

Merchant Security Upgrade Testing (PP-LIVE-8238)

Moderator

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

Hi,

 

All of the information related to the new TLS upgrade can be found in these two resources:

https://www.paypal-notice.com/en/TLS-1.2-and-HTTP1.1-Upgrade/
and
https://www.paypal-notice.com/en/IPN-Verification-Postback-to-HTTPS/ (should you be using IPN)

In order to determine where your account was identified as having an issue, you can create a request to https://www.paypal-techsupport.com/
Our Merchant Technical Support staff can potentially provide some further guidance for you to work with your developer or CRM to ensure the necessary changes are made.

That being said, if you are currently processing transactions through your website successfully to PayPal, you are passing the new TLS protocol.

Contributor

TLS 1.2 update

I've been away until today and nobody told me I had received this TLS 1.2 notice until I returned. I have no idea how to go about testing this, as I'm not tech savvy in the slightest and I'm worried that my account will be affected due to my lack of knowledge. Can someone help me? I can't afford to lose my account.

 

I've read other questions relating to this but I have no idea what the sandbox page does or how any of this works, I'm at my wits end with anxiety at this point.

Tags (1)
PayPal Employee WRF
PayPal Employee

Re: TLS 1.2 update

 

 

 

Moderator

Re: TLS 1.2 update

Hi,

 

All of the information related to the new TLS upgrade can be found in these two resources:

and
 
In order to determine where your account was identified as having an issue, you can create a request to https://www.paypal-techsupport.com/
Our Merchant Technical Support staff can potentially provide some further guidance for you to work with your developer or CRM to ensure the necessary changes are made.
 
That being said, if you are currently processing transactions through your website successfully to PayPal, you are passing the new TLS protocol. 
 

 

 

New Community Member

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

I'm a bit confused to what is going on. I've already received an email June 19th in regards to my TLS needing to be updated? I'm unaware to what that is, let alone how that affects myself as I use invoices. Does this mean through websites such as Ko-Fi, Patreon, or even PayPal.me? I do not have any form of Paypal integration, let alone any website that I am aware of that the account is tied to aside from those mentioned above. To top it off, I have received a physical letter from PayPal saying they have been trying to contact me in regards to this update for the last two years. Letter was dated June 4th, 2018 and was received today (July 2nd, 2018). I have not in any way been notified prior to the email, or even before this letter was sent to me. Is there any way to check and see if the account was compromised and is being used in an integration? I don't see any outstanding transactions outside of the norm, so I don't understand what is going on.

Moderator

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

Hi Sara-Morrell,

If you are processing payments successfully then you are TLS compliant! Otherwise your transactions would get a connection error etc.. Should you have any further questions, feel free to contact us at https://www.paypal-techsupport.com/
Highlighted
Contributor

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

I, too, am receiving the emails that state "Immediate Action Required: Upgrade your PayPal integration.  Our records show your PayPal integration uses an older encryption protocol..."

 

I ran a test on SSL Labs and am showing that we have TLSv1.2 installed and in use. I also ran a test using the instructions here: https://github.com/paypal/TLS-update and receiving "PayPal_Connection_OK".  I can provide a link to that endpoint if you would like to test it.

 

At the bottom of the email graphic it does say "If you have already made this upgrade, thank you."  My office manager receives those emails and I would like to ensure we are compliant and good to go for the next month.  Is it possible to have someone check my account status, please?

 

*EDIT* I should note that when I used the cacert.pem file I already had with the TLS-update file above it failed, I appended the "DigiCert High Assurance EV Root CA" and "DigiCert Global Root G2 (SHA-256)" on the end and tried again and it does pass as noted above.

 

Best Regards,

POCA-2018