yantechusa Posted April 13, 2018 Share Posted April 13, 2018 I received the "Security Update" email from Paypal regarding Paypal IPN Verification Postback to HTTPS, it mentions that my web site needs action for the security update by June. I checked in cubecart the paypal extension setting was find and updated. Any idea why I got this email from Paypal? Below is the link from Paypal about this security update. Thanks! https://portal.my-tss.com/viewticket.php?tid=696821&c=IH27H4Hi Quote Link to comment Share on other sites More sharing options...
Lastwolf Posted April 16, 2018 Share Posted April 16, 2018 When the customer returns to your shop from paypal it needs to be a https address as of June (I honestly thought it was always the case). Quote Link to comment Share on other sites More sharing options...
Brian Verboom Posted June 19, 2018 Share Posted June 19, 2018 On 4/16/2018 at 11:33 AM, Lastwolf said: When the customer returns to your shop from paypal it needs to be a https address as of June (I honestly thought it was always the case). Is that all there is to it? My store runs on https, so returning from PayPal should be to https, yet I received the email too,. This https IPN verification was the only issue I had flagged as requiring updating. Our records indicate that you still need to make some critical security upgrades to your systems as well. If you see a "YES" next to a security change, your integration must be updated to accept these new security measures by the date specified: • TLS 1.2 and HTTP/1.1 Upgrade - Complete by June 2018 - Update Needed: No • IPN Verification Postback to HTTPS - Complete by June 2018 - Update Needed: Yes • Discontinue Use of GET Method for Classic NVP/SOAP API's - Complete by June 2018 - Update Needed: No • Merchant API Certificate Credentials Upgrade - Complete by September 2018 • Please note that this may be completed earlier based on the expiration date of your certificate. - Update Needed: No Quote Link to comment Share on other sites More sharing options...
Lastwolf Posted June 19, 2018 Share Posted June 19, 2018 (edited) Probably not, just trying to eliminate the obvious, from the error report your SSL is fine and stuff, it's just IPN postback In the extension settings near the bottom there is IPN URL (Optional): Is that filled in wrong ? Or more importantly does it match what is written in your Paypal profile. Profile > Profile and Settings> My Selling Preferences > Website preferences Edited June 19, 2018 by Lastwolf Quote Link to comment Share on other sites More sharing options...
Brian Verboom Posted June 19, 2018 Share Posted June 19, 2018 Clicking the request log under the extension I get the following. The test endpoint returns to https://www.paypal But the log shows actual transactions returning https://ipnpb.paypal.com/cgi-bin/webscr So I think I'm good to go. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.