avyona Posted September 10, 2015 Share Posted September 10, 2015 I received a notice from paypal regarding us using IPN on our CC3 store:Rehbecca Lowder, As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product. This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard. You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service! Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.It looks like the API connection endpoints that CC 3 uses is being phased out. I'm totally freaking out because I dont want our website to break. Does anyone know how I might upgrade the IPN protocol so that we will be compliant when the change happens? Thanks in advance for your thoughts! I hope someone can shed some light. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted September 10, 2015 Share Posted September 10, 2015 HiThis doesnt have anything to do with CubeCart as such but is down to the hosting or more specifically the SSL certificate that is being used. What is the url of your store ?Ian Quote Link to comment Share on other sites More sharing options...
avyona Posted September 10, 2015 Author Share Posted September 10, 2015 planetapplique.com and we dont have a SSL install since we use PP for processing Ian I think you are right about the SSL. There were some links in the email as well and when I clicked on them and read over the actions needing to be taken they were all related to using SHA-1 SSL certificates. I supposed then since we dont use a SSL on this domain ( I do have one for our other website which uses a EV SSL through comodo) then it doesnt affect me? Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted September 10, 2015 Share Posted September 10, 2015 I just freaked over this same email, as we DO have SSL certificates. Ian has answered my question, as to whether this is a CC or a hosting and certificate issue. Will be submitting a support ticket to Havenswift. Things like this are the reason I'm glad Ian is there for help!!! Quote Link to comment Share on other sites More sharing options...
ayz1 Posted September 10, 2015 Share Posted September 10, 2015 V6 I would assume is or will be made compatible with any changes required. As far as V3 is concerned then I would contact PayPay and they will be able to confirm what changes need to be made but if not using SSL then would guess all will be fine. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted September 11, 2015 Share Posted September 11, 2015 Please see the latest announcement.... your CubeCart v3 and v4 shop should continue to work ok too. Surely it's WAY past time to upgrade though!!?? Quote Link to comment Share on other sites More sharing options...
aris1234 Posted September 11, 2015 Share Posted September 11, 2015 I tried it on the IPN sandbox and i'm not 100% sure it worked properly. It seems to have passed my details to PayPal correct, and processed the payment, but on going back to the store it said:Error: No payment gateway variable is set!To be fair, i've not tested with the sandbox before - so this could well be normal sandbox to CC3 behaviour. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted September 11, 2015 Share Posted September 11, 2015 Every single PayPal customer that has ever used IPN at any time is receiving this email - it does not mean that there is a problem with your website ! If you are using V5 or V6, download the latest versions of the PayPal modules that Al has released this morning and then test your installation. We have done this already for multiple sites across a range of our servers and all are fineIan Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted September 11, 2015 Share Posted September 11, 2015 Ian is right.. no need to panic. But you should still upgrade to v6! Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted September 11, 2015 Share Posted September 11, 2015 As V3 and V4 get older and older and are not supported, things like this are going to continue to crop up - both are based on very old technology and while there are no known security issues with these versions, there could be some that havent been disclosed and areas like this that could become problems in the future - upgrading to V6 is the only real way forwardIan Quote Link to comment Share on other sites More sharing options...
aris1234 Posted September 11, 2015 Share Posted September 11, 2015 Upgrading is easier said than done - particularly if you have a lot of modifications. If it isn't broken, i'm not fixing it Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted September 11, 2015 Share Posted September 11, 2015 Upgrading is easier said than done - particularly if you have a lot of modifications. If it isn't broken, i'm not fixing it But if/when it does break are you or your developer experienced enough get it working again? PHP 7 will be with us before we know it. I can't say if v3 & v4 will work with it or not.If you do upgrade I would recommend doing so in a staging environment. Make an exact duplicate of your existing store (database & files), upgrade, tweak then set live when ready. <shamless_plug>This is standard procedure for new customers who sign up to our Technical Support & Management plan. </shamless_plug> Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted September 11, 2015 Share Posted September 11, 2015 planetapplique.com and we dont have a SSL install since we use PP for processingI supposed then since we dont use a SSL on this domain ( I do have one for our other website which uses a EV SSL through comodo) then it doesnt affect me?This is a common fallacy that you only need an SSL certificate (which incidentally should now really be called a TLS certificate as SSL should not really exist as a protocol any longer but I digress !) if you are using certain forms of payment gateway ! It is a legal requirement that all E-Commerce stores are PCI validated (probably 99% of them arent but still) and while having a SSL isnt a mandatory requirement, PCI validation companies do still like to see them. Secondly having an SSL helps secure not just your admin login pages but also any customer that logs in and enters their name, address, email and password into your system - people dont realise how incredibly easy it is to snoop on internet traffic and pick this information up. Thirdly, Google are already giving a ranking boost in their search engine for pages that are secure and while this is still relatively small, that is set to increase quite significantly this year if the gossip around Google is to be believed.I personally would never register an account on any website at all where I had to give any sort of personal information and certainly would never use any sort of E-Commerce store if it didnt have SSL protectionIan Quote Link to comment Share on other sites More sharing options...
avyona Posted September 11, 2015 Author Share Posted September 11, 2015 Please see the latest announcement.... your CubeCart v3 and v4 shop should continue to work ok too. Surely it's WAY past time to upgrade though!!?? It IS way past time haha! We are working on it. I have done so many modifications on my own and we have just under a million orders...my main concern is database tables matching up. Its taking some time to work on...but its coming along haha and thanks for the heads up about PHP 7! Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted September 11, 2015 Share Posted September 11, 2015 Welcome.. Have a great weekend everyone. I'm about to head off for a long car journey to Shropshire (with my laptop).. oh and the wife too. Better bring her really. Quote Link to comment Share on other sites More sharing options...
jpayam Posted September 12, 2015 Share Posted September 12, 2015 Hi,I use last cubecart 6.04 for my 2 online store and also i receive PayPal service upgrades notifaication email today As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.comto SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product. This upgrade is scheduled for 30/9/2015; however, we may need to change this date on short notice to you to align to the industry security standard.You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service! Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.Testing in the Sandbox is one of the best ways to make sure your integrations work. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.Thanks for your patience as we continue to improve our services. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted September 12, 2015 Share Posted September 12, 2015 I use last cubecart 6.04 for my 2 online store and also i receive PayPal service upgrades notifaication email todayAs said previously, just because you get this email, doesnt mean that there is a problem - it seems every PayPal user that has ever at any time taken payments and used IPN is receiving this. As you are already using V6, simply install the latest PayPal gateway module and use the Test Connection button to see if your server is configured correctlyIan Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted September 12, 2015 Share Posted September 12, 2015 (edited) In conclusion merchants using v6, v5, v4 or v3 will not need to make any changes to their store.If in the unlikely event PayPal IPN does stop working (this controls the automatic order status change) you'll need to contact your web hosting provider and ask them to make sure that the server can connect to www.paypal.com under SSL (port 443) with both fsock and cURL without error.Please note that this issue has absolutely no relation to your stores SSL certificate. Whether you have secure https or not is irrelevant. This only concerns PayPal SSL configuration.Please also note that this issue only affects payment notifications there is no risk of payments stopping. Edited September 12, 2015 by Al Brookbanks Quote Link to comment Share on other sites More sharing options...
aris1234 Posted September 12, 2015 Share Posted September 12, 2015 I thought the order status change was a separate http (not HTTPS) call from PayPal which called:modules/gateway/PayPal/ipn.phpSo, I don't think the change being talked about here is related to that (please correct me if i'm wrong).The PHP fsock calls are when the shop software calls paypal to request processing of a payment - and this includes all the billing details, what was bought, etc. In my test in the sandbox - I think this part is working. The http IPN callback didn't work - but i'm not sure this is a separate issue. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.