Post by jdyach » Tue Jun 14, 2016 2:41 am

I accept PayPal payments on my opencart site and just received this email from PayPal regarding SHA-256 compliance. Is there anything that needs to be done, or will the PayPal payment plugin continue to work?

"To avoid service interruptions, please ensure that your systems are SHA-256 compatible by 17 June 2016.

At PayPal, security and safety are our top priorities and, as a result, we’re implementing a series of security upgrades throughout 2016 and 2017. To comply with industry standards, we need to move our endpoints to stronger encryption known as SHA-256 by 30 September 2016.

In preparation for our transition to SHA-256, we'll be undertaking critical testing between 17 June and 29 September 2016. During this period, if your systems aren’t SHA-256 compatible, your business’ ability to accept payments with PayPal may be temporarily impacted. We strongly recommend that your systems are compatible with SHA-256 by 17 June to ensure that your business isn’t interrupted. If your systems aren’t SHA-256 compatible by the full cutover on 30 September, your business will be unable to accept payments with PayPal until changes are made. For more details about our transition to SHA-256, please go to ... cale=en_US.

At PayPal, we’re committed to delivering the highest level of security available for our customers. Compatibility with SHA-256 will help strengthen your protection and ensure that your business systems are up to date with the latest security measures. Thank you for your continued support and for helping us maintain these standards for all our customers.

Further information

What is the purpose of the testing?

The purpose of this testing is to help us identify, with certainty, those customers who will be impacted by the full cutover to SHA-256. As part of our commitment to our customers, we'll immediately notify impacted customers so that we can better prepare them for the full cutover on 30 September.

How do I ensure that my business won't be impacted by the testing?

If your systems aren’t currently SHA-256 compatible, the details about the required changes and how to action them can be found on our 2016-2017 Merchant Security Roadmap Microsite ( ... cale=en_US).

If you're not sure whether your systems are SHA-256 compatible, we recommend that you speak with your web hosting company, e-commerce software provider, in-house web programmer or system administrator. They can assist you in making the required changes before the testing.

When will testing occur?

For a complete list of testing dates and times, please visit our SSL Certificate Upgrade Testing Schedule.



Thu Nov 12, 2015 4:08 am

Post by EvolveWebHosting » Tue Jun 14, 2016 9:28 am

If you're using an SSL Certificate, check this site to make sure your certificate is SHA-2 encrypted. If not, you'll need to get it re issued from your provider and re installed. If you're not using an SSL certificate, you should be all set.

$10.49 .com Registration and $9.99 .com Transfers in now
Guaranteed top level opencart performance and support. Risk free 30 day money back guarantee & free transfers.

User avatar
Active Member


Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA
Who is online

Users browsing this forum: No registered users and 3 guests