Post by Moggin » Sat Sep 12, 2015 8:38 am

Thank you.

It seems that even Paypal didn't know if the 'Immediate Attention' email so many of us received today was legitimate or not, and therefore gave conflicting advice.

But their twitter feed pointed to this thread on the community forum
https://www.paypal-community.com/t5/Abo ... 55#U997455

Active Member

Posts

Joined
Wed May 05, 2010 4:56 am

Post by OSG » Sat Sep 12, 2015 3:05 pm

Hi Guys , I received the email as well from paypal regarding verisign g2 and g5

Im using openCart 2.0.3.1 and paypal standard payments module ....

As of now - when a customer pays , they are redirected to paypal site to make payment and
then get redirect back to openCart.

As of right now this is still working , so Im not sure if this will be effected in future ? The only padlock
I see is when after checkout it redirects to paypal payment page which is https .....

I emailed paypal asking them if this will be effected by their changes ... no answer yet.

Im thinking it shouldn't be as Paypal standard does not use API's

OSG

OSG
Newbie

Posts

Joined
Fri Aug 28, 2015 12:03 am

Post by paul133 » Sat Sep 12, 2015 11:58 pm

As per a reply on the first page of this thread..............

Was told by webhost the issue is if the SSL cert on installed on your server will be valid.
My SSL cert provider and the notes from Pay Pal say it only affects Verisign SSL certs.

If your Certificate is Verisign G2 certificate and it is not suitable you need to install a new SSL cert on your server.

You do not need to do anything with opencart.

I checked my certificate with this site https://www.digicert.com/help/ which seem to give all the details ( mine is a G2 certificate BUT it is NOT a Verisign G2 certificate so is ok.)
I used Godaddy certificate and they say theirs are suitable.

Newbie

Posts

Joined
Wed Apr 13, 2011 9:52 pm

Post by simonkraus » Sun Sep 13, 2015 4:29 am

Be aware of cert checker like digicert cause it may not show the SSL Certification which is taken in the communication between your server and the PayPal endpoint.

If you use any protection service like cloudflare or something similar you would see the SSL cert of the protection service which covers the traffic between your website and the clients. But this is not what is used between your server and PayPal.

So better take my command on page 1 to check your cert.

Newbie

Posts

Joined
Sat Sep 12, 2015 4:00 am

Post by uacinfotech » Wed Sep 16, 2015 5:37 am

Conducted a test using paypals IPN simulator within their sandbox. The test completed successfully
In my case the customer uses paypal standard as the payment method. I do believe however that there are other considerations coming into play which aren't related to opencart

Newbie

Posts

Joined
Sat Sep 20, 2014 7:34 am

Post by Qphoria » Thu Sep 17, 2015 10:30 pm

You can use this tool to test if your server/site is compatible with SHA-256:
https://www.sha2sslchecker.com/

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by i2Paq » Fri Sep 18, 2015 8:02 pm

Qphoria wrote:You can use this tool to test if your server/site is compatible with SHA-256:
https://www.sha2sslchecker.com/
What if you do not have ssl on your site?

Norman in 't Veldt
Moderator OpenCart Forums

_________________ READ and Search BEFORE POSTING _________________

Our FREE search: Find your answer FAST!.

[How to] BTW + Verzend + betaal setup.


User avatar
Global Moderator

Posts

Joined
Mon Nov 09, 2009 7:00 pm
Location - Winkel - The Netherlands

Post by tdaubs » Wed Sep 23, 2015 7:02 am

It would be great if Paypal would provide a bit more information on this upgrade. I, too, am wondering what happens on sites that don't use SSL at all.

If they roll these changes out on Sept 30th and they do break sites that don't have SSL or SHA256... I imagine their support lines are going to explode.

Image
Opencart Support . Opencart Galaxy . Buy Me a Coffee?


User avatar
Active Member

Posts

Joined
Fri Apr 08, 2011 4:51 am
Location - Southern California

Post by StitchnBe » Tue Mar 22, 2016 9:20 am

I sent a ticket to my IT person over the PayPal deprecated SSL issue. I am not very technical so I have to rely on them to sort out the SSL issue. What I want to know is why I can't access either my opencart admin panel or the Cpanel on which my site is housed? When I go to my site, I can see the same message (as it appears below) in the header of my website. It alarms me that this is visible to my customers! Can someone tell me how that happened and what I can do about it! This is the message that popped up starting today:

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/stitchnb/public_html/ocart/system/database/mysql.php on line 6

???
Bling.

New member

Posts

Joined
Sat May 17, 2014 3:48 am

Post by Cue4cheap » Tue Mar 22, 2016 9:50 am

StitchnBe wrote:Can someone tell me how that happened and what I can do about it! This is the message that popped up starting today:

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/stitchnb/public_html/ocart/system/database/mysql.php on line 6

???
Bling.

Your webhost updated their php version. Do a search on the forum and you'll see many post on how to fix it but basically you need to do as the error says... use mysqli bu updating your config.php files.

Mike

cue4cheap not cheap quality


Expert Member

Posts

Joined
Fri Sep 20, 2013 4:45 am

Post by StitchnBe » Thu Mar 24, 2016 12:00 pm

Cue4cheap wrote:
StitchnBe wrote:Can someone tell me how that happened and what I can do about it! This is the message that popped up starting today:

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/stitchnb/public_html/ocart/system/database/mysql.php on line 6

???
Bling.

Your webhost updated their php version. Do a search on the forum and you'll see many post on how to fix it but basically you need to do as the error says... use mysqli bu updating your config.php files.

Mike
Thank you so very much Mike. I am now back up and running and this fix was very easy once I saw where it was to be done.

I have been told that I must upgrade my site to a current version to take advantage of security enhancements and to avoid other problems like this in future. My opencart version is 1.5.6.4. Since there is no upgrade between my current version and 2.0. How do I get from to a newer one without having to start over or spending a fortune on support. No offence to the support folks, we just need to economize. Can I do a clean install of 2.2 and migrate the files from my current site? Which files need to be migrated? Is there a good link on here with some detailed instructions on how to do this? Much thanks in advance for the guidance.
Bling

New member

Posts

Joined
Sat May 17, 2014 3:48 am

Post by Qphoria » Thu Mar 24, 2016 10:04 pm

StitchnBe wrote: My opencart version is 1.5.6.4. Since there is no upgrade between my current version and 2.0. How do I get from to a newer one without having to start over or spending a fortune on support.

2 Options
1. Hire me to do it professionally :)
or
2. Upgrade yourself using my improved upgrade script. So far there have been no reported issues with the script itself and it should be very straight forward.

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by supak111 » Wed Aug 03, 2016 9:20 am

So can anyone answer this question, will this affect people using OpenCart without SSL and just using PayPal Standard for payments?

I'm guessing since our customers are redirected to PayPal to complete the payment upgrade doesn't have anything to do with us right?

Someone please answer this if they can. Thank you very much.
.
.
.

~ OC 3.0.3.2 and OCmods only ~


User avatar
Active Member

Posts

Joined
Fri Feb 13, 2015 12:09 pm

Post by straightlight » Wed Aug 03, 2016 7:08 pm

supak111 wrote:So can anyone answer this question, will this affect people using OpenCart without SSL and just using PayPal Standard for payments?

I'm guessing since our customers are redirected to PayPal to complete the payment upgrade doesn't have anything to do with us right?

Someone please answer this if they can. Thank you very much.
.
.
.
Hi Supak111,

followed are recent details regarding your enquiry: http://stackoverflow.com/questions/3796 ... quirements

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by supak111 » Thu Aug 04, 2016 10:15 am

I just talk to my hosting and they said they are using OpenSSL 0.9.85. So it will not work unless I have OpenSSL 1.0.1? Or is there a chance everything will work ever with OpenSSL 0.9.85?

.

~ OC 3.0.3.2 and OCmods only ~


User avatar
Active Member

Posts

Joined
Fri Feb 13, 2015 12:09 pm

Post by straightlight » Thu Aug 04, 2016 8:09 pm

supak111 wrote:I just talk to my hosting and they said they are using OpenSSL 0.9.85. So it will not work unless I have OpenSSL 1.0.1? Or is there a chance everything will work ever with OpenSSL 0.9.85?

.
It would be incorrect as well as 0.9.85 than 1.0.1 release of the OpenSSL server extension. Followed describes the minimum OpenSSL version of v1.2 from Stackoverflow: http://stackoverflow.com/questions/3531 ... pal-api-ph

However, cURL might also be limited on knowing the schema version over SSL which would also be ideal to invoke the mentioned parameter through cURL in order to successfully complete the transaction.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by Qphoria » Thu Aug 04, 2016 11:59 pm

i2Paq wrote:
Qphoria wrote:You can use this tool to test if your server/site is compatible with SHA-256:
https://www.sha2sslchecker.com/
What if you do not have ssl on your site?
Irrelevant. This isn't an SSL tester, its a server tester. There is nothing that needs to change in the code. This is purely a test to see if your server supports the newer protocol which by now most servers should. If your site fails, you need to ask your server to update or find a new server. You don't need an ssl certificate to test this.

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by supak111 » Fri Aug 05, 2016 6:01 am

So what do we all need to do if running NO SSL on shared server hosting and Paypal Standard payment? What will need to be done so that our checkout keeps working after PayPal upgrade? I assume: NO SSL on a shared server hosting is the most common use of OpenCart so a LOT of people are in panic right now.

My shared server uses OpenSSL 0.9.85, and TSL v1.0

Would I and people in similar situations need to look for different hosting? Or is there something we can do to not have to move?

~ OC 3.0.3.2 and OCmods only ~


User avatar
Active Member

Posts

Joined
Fri Feb 13, 2015 12:09 pm

Post by EvolveWebHosting » Sat Aug 06, 2016 3:17 am

supak111 wrote:So what do we all need to do if running NO SSL on shared server hosting and Paypal Standard payment? What will need to be done so that our checkout keeps working after PayPal upgrade? I assume: NO SSL on a shared server hosting is the most common use of OpenCart so a LOT of people are in panic right now.

My shared server uses OpenSSL 0.9.85, and TSL v1.0

Would I and people in similar situations need to look for different hosting? Or is there something we can do to not have to move?
I think your answer is right here:

http://forum.opencart.com/viewtopic.php ... 20#p632349

All hosting companies should be staying up to date on security protocols. Otherwise, they shouldn't be hosting your site. I wish there was more transparency so that clients could see which companies aren't keeping up to date on matters like this.

2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by AlphaState » Wed Sep 14, 2016 6:17 am

We are using Version 1.5.6.1 & PayPal Payments Standard we've been advised below we need to, '...always use the POST HTTP requests'

If anyone could explain where & how we update our code to use 'HTTPS when sending postback messages to paypal', & 'always use the POST HTTP request method when making classic NVP/SOAP API requests.' that would be much appreciated.

Host confirmation
-------------------
SSL Certificate Upgrade to SHA-256 - Yes
I'm not seeing any SSL certificate installed for the domain cricketcap.co.uk or if you are using our shared ssl certificate then it is already upgraded to SHA-256

G5 root certs
For the discontinuation of the VeriSign G2 root certificate, we can confirm that all servers within our network meet the requirements by PayPal. VeriSign G2 is not in use on our servers, and VeriSign G5 root certificate is present in the root store of all our servers.

TLS 1.2 and HTTP/1.1 Upgrade - Yes
Our shared servers support TLS 1.2

IPN Verification Postback to HTTPS
Please update your code to use HTTPS when sending postback messages to paypal.

Discontinue Use of GET Method for Classic APIs
Please update your code to always use the POST HTTP request method when making classic NVP/SOAP API requests.
-------------------

New member

Posts

Joined
Tue Jul 16, 2013 5:29 pm
Who is online

Users browsing this forum: No registered users and 48 guests