lyndsiesal Posted March 2, 2018

Is there somewhere I can view more details on PayPal IPN messages? In PayPal I see the status as "sent" but in my CubeCart transaction log I'm getting a high number of "unspecified error" in the notes section. These are complete payments with no obvious issues or errors. The unspecified error is preventing the cart from changing the order status on digital orders, which is an issue when customers expect "instant download". Thanks.
bsmither Posted March 2, 2018

The regular PayPal gateway uses CubeCart's "Request" function set. So, in admin, Request Log, find a record where the response is simply INVALID.
lyndsiesal (Author) Posted March 2, 2018

Thank you @bsmither! I found the invalid responses but they look the same as the verified ones. What would I be looking for here? Payment in PayPal appears totally normal.
bsmither Posted March 2, 2018

If some are verified and some are invalid, there may be a mismatch between what PayPal has sent in its IPN versus what the module verifies with PayPal. (It seems it will be somewhat complicated to view this data.)

However, since some work and others fail, I will rule out the possibility that the mechanism to talk to PayPal is not at fault - specifically the secure protocol: TLSv1.2.

Let's look anyway. In admin, PHP Info, scroll to the curl table. In that table, look for SSL Version. It must be OpenSSL/1.0.2x where x is a letter, probably 'n'.

Do the invalid records in Request Log show the order's details?
lyndsiesal (Author) Posted March 3, 2018

This is what's in my curl table:

SSL Version: OpenSSL/1.0.0

Yes, the invalid records look exactly like the verified records as far as info. Thanks for your help!
bsmither Posted March 3, 2018

To be honest, I do not know if PayPal is rejecting https connections using older TLS protocols. Havenswift will know if OpenSSL/1.0.0 is good enough for those who are demanding TLSv1.2.

It was a thought, and I didn't expect much considering, so far, we have not explained why some transactions are good and some fail.

Maybe a PayPal merchant account support person can look at a recent IPN handshake and determine why PayPal sent back INVALID.
havenswift-hosting Posted March 7, 2018

OpenSSL 1.0.0 is massively old and contains a huge number of security risks - version 1.0.1 is the minimum required for TLS1.2 but even that is full of holes - upgrade to the latest version
bsmither Posted March 7, 2018

Yes, but if OpenSSLv1.0.1 will minimally support TLS1.2, as I infer from your statement, do you think this may be the reason why PayPal is sending an INVALID response? Might they be wanting TLS1.3?

Edited March 7, 2018 by bsmither
havenswift-hosting Posted March 8, 2018

PayPal along with all other payment gateways have been sending out emails to all users for about a year saying that TLS1.2 will be required and older insecure protocols will not be supported, and as the user here appears to be using 1.0.0 (even that is deceptive as many distributions don't upgrade OpenSSL but back port security patches), I would expect that the INVALID response will be caused by that, but as all of our servers were TLS1.2 compliant four or five years ago, have never come across this.

All payment providers have only just been forced into using TLS1.2 so it is going to be a VERY long time before they force TLS1.3 - it was only released less than a year ago and cPanel for example doesn't even support it yet.
VyvToms Posted May 30, 2018

I'm out of my depth here so will appreciate any help. Having read the above thread I see that my recently upgraded version of CubeCart (6.2) reports OpenSSL/1.0.1t in the curl table. How does this translate into TLS 1.2? How do I effect an upgrade? Our shop is https://shop.stithians.show/index.php
havenswift-hosting Posted May 31, 2018

Hi

As I mentioned above, OpenSSL 1.0.1 will support TLS1.2, so assuming that your SSL certificate itself is TLS1.2 compliant (all *should* be now !) then you are covered, although that is still an old version of OpenSSL that has huge numbers of security vulnerabilities - see https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/version_id-202288/Openssl-Openssl-1.0.1t.html

Updating that is the responsibility of your hosting company and something they should do automatically - however, many hosting companies are pretty poor about updating things like this, especially the larger generic hosting companies, and you are much better off using a specialist E-Commerce hosting company

Ian
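As an added example (not part of the thread and not CubeCart's own code), this PHP script applies the rule of thumb stated above, that OpenSSL 1.0.1 is the minimum for TLS 1.2, to the "SSL Version" string that PHP Info shows in its curl table. The function name `tls12_capability` and the `NSS/3.28.4` sample are assumptions made for the illustration; the other sample strings are the ones quoted in the thread.

```php
<?php
// Added example: classify curl's "SSL Version" string for TLS 1.2 support.

function tls12_capability($sslVersion)
{
    // Expected shape: "OpenSSL/1.0.2n" (name, slash, x.y.z, optional letter).
    if (!preg_match('~^(\w+)/(\d+)\.(\d+)\.(\d+)([a-z]*)~i', $sslVersion, $m)) {
        return 'unknown';        // empty (curl built without SSL) or unrecognised
    }
    if (strcasecmp($m[1], 'OpenSSL') !== 0) {
        return 'unknown';        // other TLS backends: the 1.0.1 rule does not apply
    }
    // The trailing patch letter ("t", "n") does not affect protocol support.
    $release = sprintf('%d.%d.%d', $m[2], $m[3], $m[4]);
    return version_compare($release, '1.0.1', '>=') ? 'tls1.2-capable' : 'too-old';
}

// Strings quoted in the thread, plus one constructed non-OpenSSL value.
$samples = array('OpenSSL/1.0.0', 'OpenSSL/1.0.1t', 'OpenSSL/1.0.2n', 'NSS/3.28.4');
foreach ($samples as $s) {
    printf("%-16s %s\n", $s, tls12_capability($s));
}

// The live value for this PHP build: the same string PHP Info displays.
if (function_exists('curl_version')) {
    $info = curl_version();
    printf("%-16s %s (this server)\n", $info['ssl_version'],
           tls12_capability($info['ssl_version']));
}
```

The result covers protocol support only. As noted earlier in the thread, distributions may backport security patches without changing the version string, so it says nothing about the patch level of the library.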
VyvToms Posted June 12, 2018

Thanks. My hosting company 1&1 has posted to say they are upgrading so hopefully all should be well.