Paypal TLS 1.2

We're not patching CactuShop these days, it's so old and there is hardly anyone with ongoing support cover for it so we don't really have the resources to continue work on it.

I am not entirely sure if a patch will be possible, with .NET they've only added TLS support to .NET 4.5, and Microsoft now only supports 4.5.2 and above with security fixes. I had a quick google but didn't find anything definitive.

One hack which is perhaps possible is to skip the security postback in the Paypal code. That's the part that requires the secure connection (basically Paypal makes the callback to your site, then requires as a security check that you post back the values they send and get a 'validated' response in order to proceed). If you skip that step and just assume callbacks are genuine, it will work though there is the possibility callbacks could be faked.

Author	Message
Neil	Posted Thu 25 Feb 2016
Supreme Being Group: Forum Members Last Active: Sat 3 Nov 2018 Posts: 192, Visits: 5,220 109,843	Hello, Does anyone know if the change to PayPal supporting TLS 1.2 only will have any impact on Cactushop sites? I have a site running CactuShop Version 5.149 with PayPal and would like to know if anything will need to be done, Thanks
	REPLY QUOTE LIKE 288
Paul	Posted Thu 25 Feb 2016
große Käse Group: Administrators Last Active: Fri 15 Sep 2023 Posts: 806, Visits: 2,737 450,020	We're not patching CactuShop these days, it's so old and there is hardly anyone with ongoing support cover for it so we don't really have the resources to continue work on it. I am not entirely sure if a patch will be possible, with .NET they've only added TLS support to .NET 4.5, and Microsoft now only supports 4.5.2 and above with security fixes. I had a quick google but didn't find anything definitive. One hack which is perhaps possible is to skip the security postback in the Paypal code. That's the part that requires the secure connection (basically Paypal makes the callback to your site, then requires as a security check that you post back the values they send and get a 'validated' response in order to proceed). If you skip that step and just assume callbacks are genuine, it will work though there is the possibility callbacks could be faked. -- If my post solves your issue, can you 'Mark as Answer' so it's easier for other users to find in future. If you would like to be informed of new features, new releases, developments and occasional special bonuses, please sign up to our mailing list: http://bit.ly/19sKMZb
	REPLY QUOTE LIKE 280
Paul	Posted Thu 5 May 2016
große Käse Group: Administrators Last Active: Fri 15 Sep 2023 Posts: 806, Visits: 2,737 450,020	Further to this, we did work on Paypal ASP code on another site we handle (not CactuShop) and got it working by removing the XML verification post to Paypal, which relies on SSL/TLS. The server itself was Windows 2008 which does not support TLS 1.2 so it definitely would not have been possible on that (need at least 2008 R2 for TLS 1.2). -- If my post solves your issue, can you 'Mark as Answer' so it's easier for other users to find in future. If you would like to be informed of new features, new releases, developments and occasional special bonuses, please sign up to our mailing list: http://bit.ly/19sKMZb
	REPLY QUOTE LIKE 283
metalmania	Posted Wed 8 Jun 2016
Supreme Being Group: Forum Members Last Active: Tue 21 Jun 2016 Posts: 36, Visits: 165 22,810	Looks like PayPal have updated their notices and are no longer targeting 6/17/16 as the deadline for migration to TLS 1.2 and have moved this out to June 2017. Tags paypal, tls
	REPLY QUOTE LIKE 281

Paypal TLS 1.2

Paypal TLS 1.2

Similar Topics

Reading This Topic