Update Request: Paypal Security Upgrade. June 30 deadline fast approaching

  • 0
  • 1
  • Problem
  • Updated 2 months ago
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Archived

Checking back on this issue that we've dialogued about over the last couple of months. The deadline of June 30 is fast approaching and now we are getting really nervous.  I'm also not sure why you keep archiving and closing the discussion vs. providing updates...also making me nervous. Could you please provide a concrete update so we know whether or not to go into damage control mode and find a back up plan in case your engineers aren't able to make the update before June 30?  Thank you for your help n this.
Photo of Thomas9351

Thomas9351

  • 564 Points 500 badge 2x thumb
  • anxious, nervous,

Posted 2 months ago

  • 0
  • 1
Photo of Thomas9351

Thomas9351

  • 564 Points 500 badge 2x thumb
Photo of Drew N

Drew N, Community Manager

  • 258,248 Points 100k badge 2x thumb
I'll have more detail, hopefully tomorrow, but I just ran a scan on Paypal.com and they still use TLS 1.0 too, so it seems everyone is waiting to clear out the old. One of my Homestead test sites actually has a higher SSL grade than Paypal.com. I am told everything is still on track, but I am trying to get some specifics to share.
Photo of Thomas9351

Thomas9351

  • 564 Points 500 badge 2x thumb
Drew -  thanks.  I've attached more detail in a letter we received directly from Paypal and our account manager at Paypal has called us or written us an email every couple of weeks to warn us that we continued to be non-compliant.  
Photo of Drew N

Drew N, Community Manager

  • 258,248 Points 100k badge 2x thumb
I can absolutely tell you that we do use TLS 1.2, however, we have not yet disable 1.0 or 1.1. It appears that neither has Paypal, so they should fail their test as well as of this moment. I will hopefully have some more detail tomorrow, but I have been assured that our certificate has been update to TLS 1.2. The other will need to be disabled to pass the tests.
Photo of Evangelist Anita

Evangelist Anita

  • 544 Points 500 badge 2x thumb
I am on here for the same thing. Paypal warning of the same upgrades or else. 
Photo of Evangelist Anita

Evangelist Anita

  • 544 Points 500 badge 2x thumb
I will check this post periodically as well because there is a serious sense of urgency Paypal is emanating. Thank you Drew and Thomas.
Photo of Thomas9351

Thomas9351

  • 564 Points 500 badge 2x thumb
Hi Drew - Any update here?  thank you.
Photo of Drew N

Drew N, Community Manager

  • 258,248 Points 100k badge 2x thumb
Not yet. I will check with some folks tomorrow.
Photo of Thomas9351

Thomas9351

  • 564 Points 500 badge 2x thumb
I wanted to check and see if there was an update today.  Thank you.
Photo of Drew N

Drew N, Community Manager

  • 258,248 Points 100k badge 2x thumb
I am doing my best to get some details for you.
Photo of Thomas9351

Thomas9351

  • 564 Points 500 badge 2x thumb
ok, thank you.
Photo of Thomas9351

Thomas9351

  • 564 Points 500 badge 2x thumb
Hi Drew.
 I'm at a point where I have to decide to pull the trigger on having web developers create a back up site for us in the event that our paypal buttons don't work on 6/30.  They need at least 10 days to create a work around for us with a new, sub optimum and skeleton site that will absorb some serious time and cost.  Can you please give me some definite assurance that there is an "on" date that I can rely on and that it is enough days in advance of 6/30 that we can have paypal test it and verify the functionality?  I would expect that your team has many reasons why it is a dicey endeavor to make any wholesale changes to the back end of sitebuilder and that you don't want to negatively affect a bunch of people with the change; however, I'm really concerned that I don't have definitive guidance either way as we approach this deadline.  Please let me know what you can.  Thank you.

This conversation is no longer open for comments or replies.