PayPal TLS 1.2 Requirement - June 2017

    PayPal TLS 1.2 Requirement - June 2017

    Hi

    Lots of info on the subject in these forums and others, but I can't find any matching my situation.

    Starting from the beginning. The issue is this:

    https://www.paypal-knowledge.com/inf...ewlocale=en_US

    Sellerdeck is fine we are told - as I am running 16.02

    But my server is not - I am running CentOS 5.11 on my server (EOL I know, but upgrading is a difficult job that I would rather not tackle right now) with OpenSSL 0.9.8.

    I can't overwrite the default OpenSSL install as I am told that breaks lots of stuff in the OS, so I followed the instructions here:

    https://miteshshah.github.io/linux/c...s-5-and-rhel5/

    to install a second version in /local. I linked a version of curl to the new version of SSL, and now I can complete the PayPal test using my local version of curl:
    Code:
    /usr/bin/curl https://tlstest.paypal.com
    curl: (35) Unknown SSL protocol error in connection to tlstest.paypal.com:443
    Code:
    /usr/local/bin/curl https://tlstest.paypal.com
    PayPal_Connection_OK
    But, of course, the Sellerdeck scripts use Perl, not curl, to make the calls and A) I can't find much help on how to upgrade the Perl modules to use TLS 1.2 and B) I can't find any way of running the test using the same Perl modules to assure myself it will all work.

    Re A.

    1 - PayPal put together some detailed info, but it doesn't cover Perl (https://github.com/paypal/TLS-update#php)

    2 - Looking through the Sellerdeck code I only see a 'require' for Net::SSL, which I have now upgraded using cpan (which also upgraded Crypt::SSLeay):
    Code:
    cpan[2]> install Net::SSL Crypt::SSLeay
    Net::SSL is up to date (2.86).
    Crypt::SSLeay is up to date (0.72).
    but as I understand it they use the underlying system OpenSSL version, and hence I don't believe that will solve my problem.

    3 - So I think I need to compile my own Net::SSL against my /local version of OpenSSL. Is that true? If so I have some pointers here:

    http://stackoverflow.com/questions/4...nssl-with-perl
    http://www.perlmonks.org/?node_id=886237


    Re B.

    1 - Mike put together some test code - but that uses PHP and Curl, not Perl - so not a realistic test in my understanding? (http://community.sellerdeck.com/show...70&postcount=5)

    2 - I found some Perl based test code, but it uses LWP::UserAgent, not Net::SSL, so I don't think that is fully realistic? (http://www.perlmonks.org/?node_id=1166599)

    Is there any test code that uses exactly the same Perl modules and calls as the main Sellerdeck code does?

    Thanks very much
    Kevin


    FYI, the 'Troubleshooter' now shows me:

    Digest::MD5 2.36
    ActEncrypt1024 Not installed
    Exporter 5.58
    File::Temp 0.2304
    LWP::UserAgent 6.26
    Crypt::SSLeay 0.72
    CGI 3.15
    CGI::Carp 1.29
    Archive::Zip Not installed
    Net::SSL 2.86
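
One way to check which OpenSSL the Perl side actually loads, as an added example that is not part of the original post or of Sellerdeck's code: Net::SSL ships with Crypt::SSLeay, whose compiled XS object is linked to a libssl, and TLS 1.2 first appeared in OpenSSL 1.0.1. The function names and the sample `ldd` output are constructed for illustration, and the version of the linked library is assumed to be supplied by the operator.

```shell
#!/bin/sh
# Added example: which libssl does Crypt::SSLeay (the XS code behind Net::SSL)
# link against, and can that OpenSSL version negotiate TLS 1.2?
# All function names here are hypothetical helpers, not part of any package.

# Locate the compiled XS object installed next to Crypt/SSLeay.pm.
ssleay_so_path() {
    pm=$(perl -MCrypt::SSLeay -e 'print $INC{"Crypt/SSLeay.pm"}') || return 1
    printf '%s\n' "${pm%Crypt/SSLeay.pm}auto/Crypt/SSLeay/SSLeay.so"
}

# Read `ldd` output on stdin and print the resolved libssl path.
# Prints "not-found" if the loader cannot resolve it, and "none" when no
# shared libssl is listed at all (for example a statically linked build).
linked_libssl() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" {
             print ($3 == "not" ? "not-found" : $3); found = 1; exit }
         END { if (!found) print "none" }'
}

# Succeed if an OpenSSL version string ("0.9.8e", "1.0.2k", ...) is >= 1.0.1.
openssl_supports_tls12() {
    printf '%s\n' "$1" | awk -F. '{ sub(/[^0-9].*/, "", $3)
        exit !(($1 * 10000 + $2 * 100 + $3) >= 10001) }'
}

# $1 = ldd output text, $2 = version of the library that ldd resolved
# (assumption: looked up by the operator, e.g. from the package manager).
report() {
    lib=$(printf '%s\n' "$1" | linked_libssl)
    if openssl_supports_tls12 "$2"; then verdict="TLS 1.2 capable"
    else verdict="no TLS 1.2"; fi
    printf '%s (OpenSSL %s): %s\n' "$lib" "$2" "$verdict"
}

# Constructed sample of ldd output for an XS object linked to a system libssl.
SAMPLE_LDD='	libssl.so.6 => /lib64/libssl.so.6 (0x00002b5d4c0a1000)
	libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b5d4c2ee000)
	libc.so.6 => /lib64/libc.so.6 (0x00002b5d4c640000)'

report "$SAMPLE_LDD" "0.9.8e"

# On a live host, replace the sample with the real linkage:
#   report "$(ldd "$(ssleay_so_path)")" "<version of the resolved libssl>"
```

A path under the system library directory after rebuilding the module means the rebuild still picked up the old OpenSSL rather than the one installed alongside it.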