Jump to content
yantechusa

Paypal IPN Verification Postback Security Update

Recommended Posts

I received the "Security Update" email from Paypal regarding Paypal IPN Verification Postback to HTTPS, it mentions that my web site needs action for the security update by June. I checked in cubecart the paypal extension setting was find and updated.  Any idea why I got this email from Paypal? Below is the link from Paypal about this security update. Thanks!

https://portal.my-tss.com/viewticket.php?tid=696821&c=IH27H4Hi

Share this post


Link to post
Share on other sites

When the customer returns to your shop from paypal it needs to be a https address as of June (I honestly thought it was always the case).

 

 

Share this post


Link to post
Share on other sites
On 4/16/2018 at 11:33 AM, Lastwolf said:

When the customer returns to your shop from paypal it needs to be a https address as of June (I honestly thought it was always the case).

 

 

Is that all there is to it? My store runs on https, so returning from PayPal should be to https, yet I received the email too,. This https IPN verification was the only issue I had flagged as requiring updating.

 

Our records indicate that you still need to make some critical security upgrades to your systems as well. If you see a "YES" next to a security change, your integration must be updated to accept these new security measures by the date specified: 

• TLS 1.2 and HTTP/1.1 Upgrade - Complete by June 2018
- 
Update Needed: No

• IPN Verification Postback to HTTPS - Complete by June 2018
- 
Update Needed: Yes

• Discontinue Use of GET Method for Classic NVP/SOAP API's - Complete by June 2018
- 
Update Needed: No

• Merchant API Certificate Credentials Upgrade - Complete by September 2018
• Please note that this may be completed earlier based on the expiration date of your certificate. 
- 
Update Needed: No

 

Share this post


Link to post
Share on other sites
Posted (edited)

Probably not, just trying to eliminate the obvious, from the error report your SSL is fine and stuff, it's just IPN postback

In the extension settings near the bottom there is 

IPN URL (Optional): 

Is that filled in wrong ?

Or more importantly does it match what is written in your Paypal profile. 

Profile > Profile and Settings> My Selling Preferences > Website preferences

Edited by Lastwolf

Share this post


Link to post
Share on other sites

Clicking the request log under the extension I get the following. The test endpoint returns to https://www.paypal

But the log shows actual transactions returning  https://ipnpb.paypal.com/cgi-bin/webscr

So I think I'm good to go.

20180619_110912.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×