Post by sammysomerset » Fri Sep 11, 2015 10:30 pm

Hi there,

I've received an email from PayPal informing me that they are upgrading the certificate for paypal.com to SHA-256 security, and that this endpoint is also used by merchants using the Instant Payment Notification (IPN). They have identified my site as using this (I use the PayPal Standard payments module - which is also used on a load of other sites I've worked on)...

So... does anyone know if the PayPal Standard module (i.e. the built in one) supports SHA-256? My technical knowledge doesn't stretch this far, so would really appreciate any help. I'm sure a large number of other users will be getting the same notification as me.

If it isn't supported, can anyone advise how to fix it to work?

I'm on 1.5.6.4 (and have sites on 1.5.5.1). It would also be good to know if v2 of Opencart is supported as I plan to use this going forwards.

Thanks in advance!

Sam

New member

Posts

Joined
Fri May 24, 2013 11:58 pm

Post by SimonArthur » Fri Sep 11, 2015 10:55 pm

The PayPal website gives some quick things to check:
http://www.terranetwork.net/blog/2015/0 ... -upgrades/

"If your website uses an SSL Certificate (HTTPS encryption, padlock in browser bar on checkout), then you need to make sure that the SSL uses SHA-2. You can check this on the SSLLABS site."

According to SSLLabs, my website is OK. I don't know if this is the everything that needs to be done, but it's a start.

Newbie

Posts

Joined
Fri Sep 11, 2015 10:52 pm

Post by postidol » Sat Sep 12, 2015 12:18 am

I am wondering this as well. Most of my clients are using the Paypal Standard module. I have read around that the SHA-256 upgrade refers to if your site is using an SSL certificate. It needs to be upgraded to an SSL certificate that supports SHA-256.

But I am not sure if that is all, or if there is any implication to non-SSL sites using Paypal Standard module.

CAN ANYONE GIVE A DEFINITE ANSWER? PLEAASE! lol. :)

New member

Posts

Joined
Thu May 30, 2013 1:51 am

Post by sammysomerset » Mon Sep 14, 2015 5:18 pm

I just posted this on another thread:

Right... I asked my host about this (as my website is non SSL), and they say...

"I can confirm this will not be an issue, PayPal's notification will likely relate to requiring system connecting to their IPN service be SHA-256 capable and this is the case with the system hosting your account with us."

So basically you need to check with your hosting company! I imagine if you are using a good one, they will be fine...

New member

Posts

Joined
Fri May 24, 2013 11:58 pm
Who is online

Users browsing this forum: No registered users and 3 guests