PayPal PayFlow TLS 1.2 Endpoint Upgrade

**wilorc** · 1 Jun 2018, 04:43 AM

I'm currently using Zen Cart 1.5.4. I know that I need to upgrade to 1.5.5.x, but my site is heavily modified and won't be able to do this until later this year. PayPal sent an email advising "PayFlow production endpoints are scheduled to be upgraded to TLS 1.2". My site supports TLS 1.2, which can be seen here https://www.ssllabs.com/ssltest/anal...chidcrafts.com

Will Zen Cart 1.5.4 work with this PayPal upgrade to TLS 1.2 ?

**DrByte** · 1 Jun 2018, 07:18 PM

Your report from SSL Labs indicates that "incoming" connections are TLS 1.2 capable. It doesn't test "outgoing".

If your host is truly TLS 1.2 capable for "outgoing" communications, then ZC v1.5.4 should be fine as far as the built-in PayPal modules are concerned.

You could apply the patches shown here if you want it to give you specific errors if the incompatibility is encountered: https://github.com/zencart/zencart/pull/874/files

You could also use the /extras/paypal_tlstest.php file to perform an outgoing connection test.

**wilorc** · 4 Jun 2018, 04:23 AM

Originally Posted by DrByte

Your report from SSL Labs indicates that "incoming" connections are TLS 1.2 capable. It doesn't test "outgoing".

If your host is truly TLS 1.2 capable for "outgoing" communications, then ZC v1.5.4 should be fine as far as the built-in PayPal modules are concerned.

You could apply the patches shown here if you want it to give you specific errors if the incompatibility is encountered: https://github.com/zencart/zencart/pull/874/files

You could also use the /extras/paypal_tlstest.php file to perform an outgoing connection test.

Thank you for the reply. This is very helpful, but the result was not good. It says I'm using TLS less than 1.2. My version of PHP is 5.6.34 built with OpenSSL 1.0.2n, which supports TLS 1.2.

Code:

CURL TLS Connection successful.

ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2


Connection Details:
Array
(
    [url] => "https://tlstest.paypal.com"
    [content_type] => text/html
    [http_code] => 426
    [header_size] => 148
    [request_size] => 94
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.066529
    [namelookup_time] => 0.003242
    [connect_time] => 0.005535
    [pretransfer_time] => 0.036981
    [size_upload] => 0
    [size_download] => 73
    [speed_download] => 1097
    [speed_upload] => 0
    [download_content_length] => 73
    [upload_content_length] => 0
    [starttransfer_time] => 0.066485
    [redirect_time] => 0
)

Is there a way I can force the out going connection to be only TLS 1.2?

**wilorc** · 4 Jun 2018, 04:51 AM

Originally Posted by wilorc

Thank you for the reply. This is very helpful, but the result was not good. It says I'm using TLS less than 1.2. My version of PHP is 5.6.34 built with OpenSSL 1.0.2n, which supports TLS 1.2.

Code:

CURL TLS Connection successful.

ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2


Connection Details:
Array
(
    [url] => "https://tlstest.paypal.com"
    [content_type] => text/html
    [http_code] => 426
    [header_size] => 148
    [request_size] => 94
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.066529
    [namelookup_time] => 0.003242
    [connect_time] => 0.005535
    [pretransfer_time] => 0.036981
    [size_upload] => 0
    [size_download] => 73
    [speed_download] => 1097
    [speed_upload] => 0
    [download_content_length] => 73
    [upload_content_length] => 0
    [starttransfer_time] => 0.066485
    [redirect_time] => 0
)

Is there a way I can force the out going connection to be only TLS 1.2?

I've just noticed that my curl version is quite old, so will update. I'm going to build PHP with the latest version of curl, which should hopefully resolve the problem.