Paypal TLS 1.2

Posted By Neil Thu 25 Feb 2016
Add to Favorites0
Author Message
Neil
 Posted Thu 25 Feb 2016
Supreme Being

Supreme Being - (123,409 reputation)Supreme Being - (123,409 reputation)Supreme Being - (123,409 reputation)Supreme Being - (123,409 reputation)Supreme Being - (123,409 reputation)Supreme Being - (123,409 reputation)Supreme Being - (123,409 reputation)Supreme Being - (123,409 reputation)Supreme Being - (123,409 reputation)

Group: Forum Members
Last Active: Sat 3 Nov 2018
Posts: 192, Visits: 5,220
Hello,

Does anyone know if the change to PayPal supporting TLS 1.2 only will have any impact on Cactushop sites? I have a site running CactuShop Version 5.149 with PayPal and would like to know if anything will need to be done,

Thanks
Paul
 Posted Thu 25 Feb 2016
große Käse

große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)

Group: Administrators
Last Active: Tue 10 Sep 2024
Posts: 807, Visits: 2,748
We're not patching CactuShop these days, it's so old and there is hardly anyone with ongoing support cover for it so we don't really have the resources to continue work on it.

I am not entirely sure if a patch will be possible, with .NET they've only added TLS support to .NET 4.5, and Microsoft now only supports 4.5.2 and above with security fixes. I had a quick google but didn't find anything definitive.

One hack which is perhaps possible is to skip the security postback in the Paypal code. That's the part that requires the secure connection (basically Paypal makes the callback to your site, then requires as a security check that you post back the values they send and get a 'validated' response in order to proceed). If you skip that step and just assume callbacks are genuine, it will work though there is the possibility callbacks could be faked.


--
If my post solves your issue, can you 'Mark as Answer' so it's easier for other users to find in future.

If you would like to be informed of new features, new releases, developments and occasional special bonuses, please sign up to our mailing list: http://bit.ly/19sKMZb
Paul
 Posted Thu 5 May 2016
große Käse

große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)große Käse - (508,406 reputation)

Group: Administrators
Last Active: Tue 10 Sep 2024
Posts: 807, Visits: 2,748
Further to this, we did work on Paypal ASP code on another site we handle (not CactuShop) and got it working by removing the XML verification post to Paypal, which relies on SSL/TLS. The server itself was Windows 2008 which does not support TLS 1.2 so it definitely would not have been possible on that (need at least 2008 R2 for TLS 1.2).

--
If my post solves your issue, can you 'Mark as Answer' so it's easier for other users to find in future.

If you would like to be informed of new features, new releases, developments and occasional special bonuses, please sign up to our mailing list: http://bit.ly/19sKMZb
metalmania
 Posted Wed 8 Jun 2016
Supreme Being

Supreme Being - (25,776 reputation)Supreme Being - (25,776 reputation)Supreme Being - (25,776 reputation)Supreme Being - (25,776 reputation)Supreme Being - (25,776 reputation)Supreme Being - (25,776 reputation)Supreme Being - (25,776 reputation)Supreme Being - (25,776 reputation)Supreme Being - (25,776 reputation)

Group: Forum Members
Last Active: Tue 21 Jun 2016
Posts: 36, Visits: 165
Looks like PayPal have updated their notices and are no longer targeting 6/17/16 as the deadline for migration to TLS 1.2 and have moved this out to June 2017.

Similar Topics

Expand / Collapse

Reading This Topic

Expand / Collapse

Back To Top