Major PayPal Security Update - Updates Required


#1

Greetings,

I received a notice from PayPal with huge security changes coming in 2016: https://devblog.paypal.com/upcoming-security-changes-notice/

It sounds like I need TLS 1.2 support for security certificates on websites that use PayPal. I only have one SSL and HTTPS supported site and a test shows it is using TLS 1.0 (TLS 1.0 and 1.1 connections will soon be refused by PayPal). My site uses PayPal’s IPN service, so I will probably be forced to get an SSL for my other site as well.

It sounds like cURL will also need to be upgraded to version 7.34.0: https://github.com/paypal/TLS-update

Thanks
Kind regards


#2

https://discussion.dreamhost.com/thread-146550.html has more details. The short answer is: DreamHost is ready to handle this :slight_smile:


#3

Sorry for reviving a slightly older thread, but I was curious if you were able to get PayPal working. I’m trying to use the Seamless Donations plugin for Wordpress (with PayPal), and it notified me that cURL was still at version 7.22. A response from Dreamhost email support about how to use a newer version didn’t sound promising. Thanks for any insight you might be able to provide!


#4

I’m glad you revived it. I’m getting the same notice and am hoping we can update cURL to 7.34.0 or newer.

I’ve not yet gotten a reply (expect it soon) about using a newer version. But if there’s a newer version available I look forward to learning how to use it.

-g


#5

[quote=“izzaboo, post:4, topic:63118”]
I’m glad you revived it. I’m getting the same notice and am hoping we can update cURL to 7.34.0 or newer.
I’ve not yet gotten a reply (expect it soon) about using a newer version. But if there’s a newer version available I look forward to learning how to use it.
-g[/quote]

I haven’t had any luck trying to figure this out. I’ve started looking around at other hosting providers to see if I can find one that stays a little more up to date.


#6

Dreamhost keeps telling me ‘soon’ but without giving a specific date. I am also waiting for this to take place so I can add an SSL certificate and change my IPN. cURL upgrade seems to be the first step in the process…Anyone get any different response from Dreamhost?


#7

We have processed an update of the curl package!

bourne:~# curl --version curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

If you’re still having issues, feel free to contact support so that they can investigate further.


#8

Too bad I still get this on ownCloud:
cURL is using an outdated OpenSSL version (OpenSSL/1.0.1). Please update your operating system or features such as installing and updating apps via the app store or Federated Cloud Sharing will not work reliably.


#9

I get this message:

WARNING: Your server appears to have incompatibilities with PayPal’s requirements
cURL: 7.35.0, SSL: OpenSSL/1.0.1


#10

I posted the above message on the Seamless Donations support forum this morning to determine the next step. When I asked the question to Dreamhost, here is the reply:
“We have recently upgraded all versions of cURL on each server. As of now
your server is using version 7.35.
@hedgehog:~# curl -V
curl 7.35.0 (x86_64-pc-linux-gnu) libcur”