My SellerDeck Account | Newsletter | Free Trial

Community and Knowledge Base

  #1  
Old 21-Apr-2017, 10:41 AM
G.W.Green G.W.Green is offline
Administrator
Join Date: Sep 2005
Full Name: G.W.Green
Posts: 480
Thanks: 0
Thanked 66 Times in 42 Posts
Background to The Internet Security Changes

Over the next couple of years the security protocol used across the internet, and particularly for handling online payments, is being upgraded. Earlier protocols, SSL and TLS v1.0/1.1, are being replaced by TLS v1.2. At the same time at least one provider (PayPal) is enforcing an upgrade to the protocol used for information transfer, HTTP, to v1.1.

This document provides some technical background to the changes, as affecting Sellerdeck users.

HTTP & TLS

Hypertext Transfer Protocol (HTTP) is the language used for the transfer of information across the internet. HTTP v1.0 is the original language of the internet and is still generally supported, but was officially replaced by v1.1 as long ago as January 1997.

Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) enable two applications to communicate securely, protecting both the security of the user and the integrity of the information. They are often together referred to as ‘SSL’.

The prefix ‘HTTPS’ in a site address indicates that it uses (originally) SSL or (more recently) TLS to transmit HTTP data securely.

As computing power has increased over the years and hackers have found loopholes in older security protocols, newer and tougher versions have been developed. TLS v1.0 officially replaced SSL from June 2015, and was followed by v1.1. The latest version, v1.2, is already used by many applications.

What’s changing

From June 2017 application providers, including all payment gateways, will begin to withdraw support for older versions of TLS. This transition will be completed in June 2018. From that point on, only TLS v1.2 will be supported and all secure sites must support it.

PayPal will be enforcing the change earlier, in June 2017. At the same time they will also withdraw support for HTTP v1.0, requiring all communication to take place using HTTP v1.1.

At the moment, no other providers have suggested they will enforce HTTP v1.1. But all providers will enforce TLS v1.2 by June 2018.

Will my site be affected?

How this affects your site will depend on which Sellerdeck version you are using, and which services.

For step by step instructions about what you need to do, see our advice document, 'The Internet Security Changes and Your Sellerdeck Site'.

To understand more about the implications for each feature and service, please read the explanations below.
  1. Online Payments

    Regardless of the payment method used, support for TLS v1.2 in the online checkout depends on the web host. Sellerdeck Hosting servers are already being upgraded to support it.

  2. PayPal

    From 30th June 2017, at the same time as enforcing TLS v1.2, PayPal alone will also enforce the use of HTTP v1.1 for information transfer.

    Versions of Sellerdeck prior to v11.0.4 are unable to support HTTP v1.1. If you use PayPal to take online payments, then by 30th June 2017 you must be using Sellerdeck v11.0.4 or higher.

    For more information about your options in this case, see the final two sections of our guidance notes, 'The Internet Security Changes and Your Sellerdeck Site'.

  3. Sellerdeck desktop functions

    Desktop functions for the following services will all require support for TLS v1.2:

    1. Sellerdeck Payments (Commit, Refund, Void & Pay)
    2. PayPal (Capture, Refund & Void)
    3. GFS Integrated Shipping

    All of these require an upgrade to the PHP libraries embedded in earlier versions of Sellerdeck Desktop in order to support TLS v1.2.

    This upgrade was implemented in Sellerdeck 2016 (v16.0.2). If you are using this version or above, no further action is required.

If you are using an older version, you must either upgrade your Sellerdeck software or download and run the Sellerdeck PHP upgrader. For more information about these two options, see our guidance notes, 'The Internet Security Changes and Your Sellerdeck Site', and refer to the relevant section for the version of Sellerdeck Desktop that you are using.
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off



All times are GMT. The time now is 12:41 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.