Announcement

Collapse
No announcement yet.

Paypal upgrading to SHA-256 - what does this mean for us ?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Paypal upgrading to SHA-256 - what does this mean for us ?

    Just received the following email from paypal - does this mean that Actinic/Sellerdeck will now stop working with Paypal too !... after the shambles with Sagepay V3 we switched everything to Paypal:

    As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

    This upgrade is scheduled for 30/9/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

    You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

    Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

    Testing in the Sandbox is one of the best ways to make sure your integrations work. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

    Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

    Thanks for your patience as we continue to improve our services.

    #2
    See here:
    http://community.sellerdeck.com/showthread.php?t=56100

    Comment


      #3
      Nope. I've read that knowledge base article several times and I'm none the wiser.

      This is what this E-mail tells us:

      1. PayPal will no longer use a 1024bit root certificate. This could only be a problem if using something very old to connect to PayPal such as an old version of Internet Explorer browser (may be something like Explorer v6 or earlier).

      2. They are also suggesting the their customer prepare now for 2016 by replacing any certificates that use a 1024 bit root certficate. You will need to check with your hosting company to find out if they are phasing out 1024 bit certificates

      In conclusion, this will not directly affect SellerDeck
      1. The new email tells us that it affects IPN endpoints that we apparently use. In which case it does appear to effect Sellerdeck and is not just related to old browsers.

      2. Previous problems with Paypal IPN callbacks using SSL required the installation of two modules.

      Crypt::SSLeay
      Net::SSL

      as Sellerdecks own perl version ActinicSSL was too old to cope.

      Sellerdeck uses these modules so perhaps they could do us the honour of telling us what versions of these we will need to have installed and how to check them in order to ensure that sellerdeck will work properly with PayPal.

      3. If it's not the modules that have the impact but the SSL certificate that the web host uses then some explanation of this together with the relevant questions we should ask our host would help. I don't really understand how the hosts SSL certificate relates to the IPN callback and therefor what I should be asking them. Aren't the IPN callbacks made via http ? so where does the certificate come into it?

      4.
      In conclusion, this will not directly affect SellerDeck
      Not how I'd see it. The last time we had Paypal IPN callback issues because of SSL it had a major impact on Sellerdeck functioning as many people had orders ending up without being marked as paid. It took quite some effort from everybody to work out what the problem was and get it fixed.

      Quite why I'm having to dig down into this kind of detail to try and get a useful answer from sellerdeck is something I'm having difficulty understanding. Is it that hard for someone from sellerdeck to explain:

      - Here's the issue
      - This is how it affects sellerdeck
      - What you need to do is...

      Mike
      -----------------------------------------

      First Tackle - Fly Fishing and Game Angling

      -----------------------------------------

      Comment


        #4
        Originally posted by Mike Hughes View Post
        Not how I'd see it. The last time we had Paypal IPN callback issues because of SSL it had a major impact on Sellerdeck functioning as many people had orders ending up without being marked as paid. It took quite some effort from everybody to work out what the problem was and get it fixed.

        Quite why I'm having to dig down into this kind of detail to try and get a useful answer from sellerdeck is something I'm having difficulty understanding. Is it that hard for someone from sellerdeck to explain:

        - Here's the issue
        - This is how it affects sellerdeck
        - What you need to do is...

        Mike
        Thats exactly my memory of it too and frankly I don't trust that bland KB article at all particularly in the wake of similarly meaningless promises about Sagepay V3 implementation.

        I guess we find out in three weeks when not only can we no longer use Sagepay but perhaps Paypal goes off the air too ??? ... this will put multiple business out of business just before Christmas unless we have some idea what this actually means.

        Comment


          #5
          I am not sure if it related by we have started getting Order with paypal payments going into pending (using V9), and are having to check Paypal accounts to check if a payment has been received.
          Darren Guppy
          Golf Tee Warehouse
          Golf Tees and Golf Accessories.

          Comment


            #6
            Yes this has been happening to us on v14 since 01/10. Lots of PayPal orders going into Pending Payment and sitting there for hours until PayPal decides to release the IPN and they move across to Pending for processing.

            The customer and us get the order confirmation email as normal - within a minute - but the payment authorisation is taking 2-3 hours to arrive. And the payments don't appear in our PayPal account until then either.

            We've decided to create manual payments for these orders so we can process them quickly - seeing the order confirmation email gives us confidence that they are proper orders.

            Then when the payment authorisation from PayPal finally arrives, we simply delete the manual payment so no "Excessive Payment Received" status shows.

            Like you, I don't know if this is linked to the changes announced by PayPal or not. Either way, it's a right PITA and the bland pronouncements from Sellerdeck HQ are as ever, not the full story.
            Last edited by guccij; 06-Oct-2015, 08:39 AM. Reason: Adding user version number
            Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks

            Comment


              #7
              Am also wondering if it's a 1and1 related issue - old style SSL etc?
              Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks

              Comment


                #8
                That sounds exactly what we have been getting although only in the last couple of days and not on all Paypal orders, but the ones that I have manually created the payment for have not yet come through with payment authorisation from PayPal. We are also finding that the are delays of several hours before appearing in our Paypal account.
                Darren Guppy
                Golf Tee Warehouse
                Golf Tees and Golf Accessories.

                Comment


                  #9
                  We are not with 1and1 so my issue is not 1and1 related.
                  Darren Guppy
                  Golf Tee Warehouse
                  Golf Tees and Golf Accessories.

                  Comment


                    #10
                    Looks like it's PayPal's fault:

                    Live Site Status Update
                    Notification:


                    We are experiencing a system issue which may be affecting the following on the PayPal Live Site.

                    Higher 10001 internal error rates for DoDirectPayment API and DoCapture API calls
                    Delay in availability of reports in Secure FTP Reporting Server and Reporting Center

                    Technical teams are actively working towards resolving these issues, we will provide the next update by 12:00 PM PDT or as soon as the issues are resolved.

                    Sent Oct 6, 2015 11:50 AM BST by RPR
                    Start time: Oct 6, 2015 07:15 AM BST
                    At this time, there is no alternative work-around.
                    Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks

                    Comment

                    Working...
                    X