PayPal SSL Upgrade Coming

[NYRik]

I have received 2 emails over the past few months regarding PayPal's move to a new SSL API and warning stores that use it to test and upgrade before the upgrade starts this month.  Is CubeCart aware of this and are our stores still going to be able to use PayPal?  Thanks.

 

Below is the email I received:

 

This is a reminder email. If you have already taken action, please ignore this notification.

We’re contacting our merchants with some important information in response to an industry-wide security upgrade which is not unique to PayPal. This change involves upgrading Secure Sockets Layer (SSL) certificates over the course of 2015 and 2016. Our upgrade efforts for API endpoints are scheduled to start in June 2015.

Because these changes are technical in nature, we advise that you consult with your partner, website vendor, or individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please forward the information below to your technical contact for evaluation. We are here to help your technical contact work through this to ensure you continue to process payments through your current integration with us.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan. 

Questions can be directed to our Merchant Technical Services team on our Technical Support website. Click here for more information. 

Thanks for your patience as we continue to improve our services.

 

 

[Dirty Butter]

Welcome to the forums, NYRik! I use PP, but it's the gateway, not the plugin. I'm assuming that's why I have not received such an email. I'll send CC's GitHub a copy of your post.

[Al Brookbanks]

Thanks for the post. We have a close relationship with PayPal and we work with them regularly to make sure our integration are up to date. I don't think any changes need to be made to your store and it will continue to operate as normal. 

[Al Brookbanks]

.. To be more helpful CubeCart uses the default SSL protocol as configured in your PHP environment by your web hosting company. You'll need to check with your web host that cURL and PHP will work with the changes PayPal are introducing. It seems that they are no longer supporting weaker SSL ciphers (which can only be a good thing). 

Edited June 5, 2015 by Al Brookbanks

[havenswift-hosting]

 It seems that they are no longer supporting weaker SSL ciphers (which can only be a good thing). 

Removing support for weak SSL ciphers is something that should have been done by hosting companies by the middle of last year as part of the response to the various serious security related concerns (Heartbleed for example) that surfaced then.  If you have an SSL installed on your own website you can test it using the fantastic free service provided by Qualys (https://www.ssllabs.com/ssltest/ ) and in fact you can test any installed SSL on any site using this.

The test gives a grade and any SSL should return an A grade but the detailed reasons for the returned grade can be complex to understand and be based on a lot of different causes, some to do with the SSL itself, some with the server configuration etc so if anyone wants help understanding their own result, please contact us via our website

Ian

[Dirty Butter]

Turns out there is a change in the shipping.class.php file that needs to be made for deliveries to Canada.

See https://forums.cubecart.com/topic/49895-usps-canada-parcel-rate-zone-change-causing-issue/