ColinMiddleton Posted November 5, 2017 Posted November 5, 2017 I'm using osCommerce Online Merchant v2.3.4 and am tring to install PayPal App v5.0.18. I've installed it, but I'm getting errors when I try to configure it for the PayPal Sandbox so that I can start testing it. I've successfully used the Retrieve Sandbox Credentials button to set up the configuration, but when I click the Test Connection button (under Configure), I get the following error report: cURL Version: 7.55.1 cURL SSL Version: OpenSSL/1.0.2k Default Setting: Failed TLS v1.2: Failed A connection to PayPal could not be made using TLS v1.2. Please consult with your hosting provider to upgrade the cURL version that is installed with your PHP web server to support TLS v1.2 connections. This must be performed by June 30, 2017 otherwise connections will continue to fail. I've contacted the site's costing company and they have transferred the site to a server that has the cURL version compatable with TLS v1.2. When this still didn't resolve the problem, they have confirmed that it is running on the correct server and advised that I contact osCommerce for further assistance. Can anyone suggest other actions to try? Many thanks Colin Quote
ArtcoInc Posted November 5, 2017 Posted November 5, 2017 @ColinMiddleton Assuming that your domain is registered and active, and you can reach your site via the domain name (ie: www.YourDomain.com) ... Visit here, and test your domain ... https://www.ssllabs.com/ssltest/ Malcolm Quote
ColinMiddleton Posted November 6, 2017 Author Posted November 6, 2017 I've tried that. It's reported that TNS 1.0, 1.1 and 1.2 are all compatible, but that it doesn't pass SNN CAA and the certificate isn't 'Trusted'. Where do we go from here, please @Artcolnc? Many thanks Colin Quote
HVACMan Posted June 16, 2020 Posted June 16, 2020 I got the same complain from the paypal app in the General / COnnection test. but, my server is V1.2 that is fine, the direct payment does not go, the paypal express works. what did I do wrong? can any one give me a hint how to fix this problem? answer is appreciated. John Quote
Guest Posted July 7, 2020 Posted July 7, 2020 and I have same problem. paypal express works in live and sendbox mod, paypal standard works in sandbox mode bun do not in live mode. I have php 5.6, oscommerc version 2.3.4 and PayPal App v5.018 . When I run test of ssl conection I got this info: cURL Version: 7.70.0 cURL SSL Version: OpenSSL/1.1.1g Default Setting: Failed TLS v1.2: Failed A connection to PayPal could not be made using TLS v1.2. Please consult with your hosting provider to upgrade the cURL version that is installed with your PHP web server to support TLS v1.2 connections. This must be performed by June 30, 2017 otherwise connections will continue to fail. What to do, any sugestions. Thanks Vojo Quote
BrockleyJohn Posted July 10, 2020 Posted July 10, 2020 The test SSL errors are an irrelevant distraction. It fails for everyone because it tries to connect to servers that paypal created to support the upgrade (ssltest.paypal.com). These servers no longer exist. @glamocanilaktasi if everything works fine in sandbox you just need to make sure your settings are identical in live - both on your site between sandbox and live module settins and also in both paypal accounts. altoid 1 Quote Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x
Guest Posted July 10, 2020 Posted July 10, 2020 Yes they are identical settings (I mean procedure are identical, values are different for live and sandbox mode) in booth accounts, but when in live mode customer pay for the ordered items and when return to my site over return link, message appear that payment was unverified and that is reason why error appeared. Quote
Guest Posted July 10, 2020 Posted July 10, 2020 Whene I change this line in includes/modules/payment/paypal_standard.php from this $this->_app->log('PS', 'UNKNOWN', ($result == 'VERIFIED') ? 1 : -1, $pptx_params, $result, (OSCOM_APP_PAYPAL_PS_STATUS == '1') ? 'live' : 'sandbox'); } if ( $result != 'VERIFIED' ) { $messageStack->add_session('header', $this->_app->getDef('module_ps_error_invalid_transaction')); to this $this->_app->log('PS', 'UNKNOWN', ($result != 'VERIFIED') ? 1 : -1, $pptx_params, $result, (OSCOM_APP_PAYPAL_PS_STATUS == '1') ? 'live' : 'sandbox'); } if ( $result == 'VERIFIED' ) { $messageStack->add_session('header', $this->_app->getDef('module_ps_error_invalid_transaction')); than working in live mode perfect, but in admin side apeare that transaction unverifed!?! Quote
BrockleyJohn Posted July 10, 2020 Posted July 10, 2020 Yes, you have told it to treat an unverified transaction as verified and vice versa. I suspect that you are not getting a reply (or an unsuccessful reply) to the verification request to paypal. This is only supposed to happen when the payment has failed and the customer needs to try again, so they end up back at the payment page instead of at the success page. What does the response in the log look like? Quote Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x
Guest Posted July 10, 2020 Posted July 10, 2020 In log file: mc_gross 0.01 invoice 1396 protection_eligibility Eligible address_status confirmed item_number1 payer_id 54QT2ELNFETNA tax 0.00 address_street xxxxxxxxxxxxxx payment_date 01:39:23 Jul 10, 2020 PDT payment_status Completed charset windows-1252 address_zip 78252 mc_shipping 0.00 first_name Vojo mc_fee 0.01 address_country_code xx address_name xxxxxxxxxxx notify_version 3.9 custom 49 payer_status verified business xxxxx address_country xxxxxx num_cart_items 1 address_city trn verify_sign xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx payer_email [email protected] mc_shipping1 0.00 txn_id 0BW7925515329592J payment_type instant payer_business_name legal last_name xxxxx address_state xxxxxx item_name1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx receiver_email [email protected] payment_fee shipping_discount 0.00 quantity1 1 insurance_amount 0.00 receiver_id YCJBZ7WFQ6Q7Q txn_type cart discount 0.00 mc_gross_1 0.01 mc_currency EUR residence_country BA shipping_method Default transaction_subject payment_gross ipn_track_id d928edc973c73 GET language SE Response <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://www.paypal.com/cgi-bin/webscr" on this server.<P> Reference #18.3c5b6068.1594370369.16fdda7d </BODY> </HTML> Quote
BrockleyJohn Posted July 10, 2020 Posted July 10, 2020 Check that you have the latest security certificate in catalog/ext/modules/payment/paypal/ it should be the one attached paypal.com.crt Quote Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x
Guest Posted July 11, 2020 Posted July 11, 2020 9 hours ago, BrockleyJohn said: Check that you have the latest security certificate in catalog/ext/modules/payment/paypal/ it should be the one attached paypal.com.crt I had already installed this security certificate absolutely identical in catalog/ext/modules/payment/paypal/ Quote
Jack_mcs Posted July 11, 2020 Posted July 11, 2020 You may want to test your site here. Check the TLS section and make sure 1.2 is enabled and the preferred setting. If any lower versions are enabled you should ask your host to remove them. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Guest Posted July 11, 2020 Posted July 11, 2020 Tested on this site . This is result: Summary Visit our documentation page for more information, configuration guides, and books. Known issues are documented here. This server does not support Forward Secrecy with the reference browsers. Grade capped to B. MORE INFO » This server supports TLS 1.0 and TLS 1.1. Grade capped to B. MORE INFO » This server supports TLS 1.3. Configuration Protocols TLS 1.3 Yes TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No Cipher Suites # TLS 1.3 (server has no preference) TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128 TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256 # TLS 1.2 (server has no preference) TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp521r1 (eq. 15360 bits RSA) FS WEAK 128 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp521r1 (eq. 15360 bits RSA) FS WEAK 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp521r1 (eq. 15360 bits RSA) FS WEAK 256 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp521r1 (eq. 15360 bits RSA) FS WEAK 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 # TLS 1.1 (server has no preference) # TLS 1.0 (server has no preference) Handshake Simulation Android 2.3.7 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS Android 4.0.4 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS Android 4.1.1 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp521r1 FS Android 4.2.2 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp521r1 FS Android 4.3 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp521r1 FS Android 4.4.2 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp521r1 FS Android 5.0.0 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp521r1 FS Android 6.0 RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS Android 7.0 RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS Android 8.0 RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS Android 8.1 - TLS 1.3 TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS Android 9.0 - TLS 1.3 TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS Baidu Jan 2015 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS BingPreview Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp521r1 FS Chrome 49 / XP SP3 RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS Chrome 69 / Win 7 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH x25519 FS Chrome 70 / Win 10 - TLS 1.3 TLS_AES_128_GCM_SHA256 ECDH x25519 FS Chrome 80 / Win 10 R - TLS 1.3 TLS_AES_128_GCM_SHA256 ECDH x25519 FS Firefox 31.3.0 ESR / Win 7 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS Firefox 47 / Win 7 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS Firefox 49 / XP SP3 RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS Firefox 62 / Win 7 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH x25519 FS Firefox 73 / Win 10 R - TLS 1.3 TLS_AES_128_GCM_SHA256 ECDH x25519 FS Googlebot Feb 2018 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH x25519 FS IE 7 / Vista RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS IE 8 / XP No FS 1 No SNI 2 Server sent fatal alert: handshake_failure IE 8-10 / Win 7 R RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS IE 11 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS IE 11 / Win 8.1 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS IE 10 / Win Phone 8.0 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS IE 11 / Win Phone 8.1 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_RSA_WITH_AES_128_CBC_SHA256 No FS IE 11 / Win Phone 8.1 Update R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS IE 11 / Win 10 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS Edge 15 / Win 10 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS Edge 16 / Win 10 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS Edge 18 / Win 10 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS Edge 13 / Win Phone 10 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS Java 6u45 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS Java 7u25 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH secp256r1 FS Java 8u161 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS Java 11.0.3 - TLS 1.3 TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS Java 12.0.1 - TLS 1.3 TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS OpenSSL 0.9.8y RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 2048 FS OpenSSL 1.0.1l R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp521r1 FS OpenSSL 1.0.2s R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS OpenSSL 1.1.0k R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS OpenSSL 1.1.1c R - TLS 1.3 TLS_AES_256_GCM_SHA384 ECDH x25519 FS Safari 5.1.9 / OS X 10.6.8 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH secp256r1 FS Safari 6 / iOS 6.0.1 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS Safari 6.0.4 / OS X 10.8.4 R RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS Safari 7 / iOS 7.1 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS Safari 7 / OS X 10.9 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS Safari 8 / iOS 8.4 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS Safari 8 / OS X 10.10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS Safari 9 / iOS 9 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS Safari 9 / OS X 10.11 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS Safari 10 / iOS 10 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS Safari 10 / OS X 10.12 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS Safari 12.1.2 / MacOS 10.14.6 Beta R - TLS 1.3 TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS Safari 12.1.1 / iOS 12.3.1 R - TLS 1.3 TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS Apple ATS 9 / iOS 9 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS Yahoo Slurp Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp384r1 FS YandexBot Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp521r1 FS # Not simulated clients (Protocol mismatch) IE 6 / XP No FS 1 No SNI 2 Protocol mismatch (not simulated) (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. (3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version. (R) Denotes a reference browser or client, with which we expect better effective security. (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). (All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. Protocol Details DROWN No, server keys and hostname not seen elsewhere with SSLv2 (1) For a better understanding of this test, please read this longer explanation (2) Key usage data kindly provided by the Censys network search engine; original DROWN website here (3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete Secure Renegotiation Supported Secure Client-Initiated Renegotiation No Insecure Client-Initiated Renegotiation No BEAST attack Not mitigated server-side (more info) TLS 1.0: 0x2f POODLE (SSLv3) No, SSL 3 not supported (more info) POODLE (TLS) No (more info) Zombie POODLE No (more info) TLS 1.2 : 0x002f GOLDENDOODLE No (more info) TLS 1.2 : 0x002f OpenSSL 0-Length No (more info) TLS 1.2 : 0x002f Sleeping POODLE No (more info) TLS 1.2 : 0x002f Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported (more info) SSL/TLS compression No RC4 No Heartbeat (extension) No Heartbleed (vulnerability) No (more info) Ticketbleed (vulnerability) No (more info) OpenSSL CCS vuln. (CVE-2014-0224) No (more info) OpenSSL Padding Oracle vuln. (CVE-2016-2107) No (more info) ROBOT (vulnerability) No (more info) Forward Secrecy With some browsers (more info) ALPN Yes h2 http/1.1 NPN No Session resumption (caching) Yes Session resumption (tickets) Yes OCSP stapling No Strict Transport Security (HSTS) No HSTS Preloading Not in: Chrome Edge Firefox IE Public Key Pinning (HPKP) No (more info) Public Key Pinning Report-Only No Public Key Pinning (Static) No (more info) Long handshake intolerance No TLS extension intolerance No TLS version intolerance No Incorrect SNI alerts No Uses common DH primes No DH public server param (Ys) reuse No ECDH public server param reuse No Supported Named Groups secp256r1, secp384r1, secp521r1, x25519, x448 (Server has no preference) SSL 2 handshake compatibility Yes 0-RTT enabled No Quote
Jack_mcs Posted July 12, 2020 Posted July 12, 2020 You should ask your host to remove TLS 1.0 and 1.1 and set 1.2 as the preferred option. This may not be the cause of your problem but it is not right either. That is indicated by the lower grade of B. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Guest Posted July 12, 2020 Posted July 12, 2020 My host told me that I am on shered hosting and thay can't remove TLS 1.0 and 1.1 becouse other users use this options. Quote
BrockleyJohn Posted July 12, 2020 Posted July 12, 2020 In your paypal app general configuration, check if force TLS1.2 is selected instead of default. Quote Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x
Jack_mcs Posted July 12, 2020 Posted July 12, 2020 1 hour ago, glamocanilaktasi said: My host told me that I am on shered hosting and thay can't remove TLS 1.0 and 1.1 becouse other users use this options. Then you really should move to a modern host. Both versions 1.0 and 1.1 have security holes and should no longer be used. You can check the setting @BrockleyJohnmentioned. If that works, it will solve the TLS version used for Paypal. But other connections won't see that setting so that leaves a security issue, in my opinion. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
♥ecartz Posted July 12, 2020 Posted July 12, 2020 1 hour ago, glamocanilaktasi said: My host told me that I am on shered hosting and thay can't remove TLS 1.0 and 1.1 becouse other users use this options. But TLS is configurable per VirtualHost. So it can have multiple values on the same shared server. I.e. they can have one setting for most everyone and then put just those sites that need the historical settings on a different VirtualHost. If your host can't do that for you, then switching to one that can is highly advised. I mean, the very fact that they didn't just fix it is an argument in favor of switching hosts. Quote Always back up before making changes.
Guest Posted July 13, 2020 Posted July 13, 2020 12 hours ago, BrockleyJohn said: In your paypal app general configuration, check if force TLS1.2 is selected instead of default. Selected default. But I try with both version, and I got same error message. Quote
New 
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.