PayPal SSL Changes
Posted by Judy Estep on Mar 24 2015 05:04

Info about PayPal notices and changes:

Global security threats are constantly changing, and the security of our merchants continues to be our highest priority. To guard against current and future threats, we are encouraging our merchants to make the following upgrades to their integrations:

Discontinue use of the VeriSign G2 Root Certificate
Update your integration to support certificates using the SHA-256 algorithm


Replies from Able forum:

AbleCommerce is not going to care about the type of SSL certificate. This is an issue between the server and the payment gateway. If the gateway doesn't like the SSL certificate, then you need to upgrade the website SSL to use something that is compatible. This may mean using a different root certificate. AbleCommerce is just passing along info to the gateway and receiving it back as either a good or bad transaction.
Here is a site that we like to use -
You can test a website or the server and see how the SSL ranks and if there are any problems.


Judy, think of it like making a phone call using the operator.
When Able says "Go talk to PayPal", Able is making a phone call using an operator that can speak several different languages. But let's say the receiver can only speak English. When the operator places the call to PayPal, it starts with Spanish. No comprendo! So next, the operator tries French and says "bonjour". Again, the PayPal operator says 'huh??'. Eventually your operator rotates through all of its languages to English and the PayPal operator says "I understand you, please put Judy through."
Each language is known as an SSL protocol.
The problem comes in that certain languages are old, outdated or just plain insecure. So many companies have decided that their operator will only answer calls using specific languages. That way, nobody can put a call through to them using a language everyone knows isn't very secure.
In the case of Able, Able always uses the hosting server as the operator to place the call. So if the operator (the server) is allowed to speak the language that PayPal requires, then Able's call will get completed. Thus, it's up to the hosting server to be properly configured to speak the right language(s).
So when PayPal says "We only accept TLS 1.2", what they are telling you is that your hosting server must be able to talk using TLS 1.2. Otherwise, your "operator" isn't going to speak the right language when Able talks to the PayPal operator.

This is why it's not up to Able to decide which language to speak; it's up to the server running Able.
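
One way to check which "languages" the hosting server can actually speak to the gateway, and whether the certificate it gets back is SHA-256 signed. This is an added example, not part of the forum replies or of AbleCommerce; it assumes a Windows host with PowerShell 3+ and .NET 4.5+, and `gateway.example.com` and the function name `Test-TlsProtocol` are placeholders.

```powershell
# Added example. Run it on the web server that hosts the store, because that
# machine's TLS stack is the "operator" that places the call to the gateway.
param(
    # Placeholder: replace with the gateway host your integration calls.
    [string]$GatewayHost = 'gateway.example.com',
    [int]$Port = 443
)

function Test-TlsProtocol {
    param(
        [string]$HostName,
        [int]$Port,
        [System.Security.Authentication.SslProtocols]$Protocol
    )
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        # Offer exactly one protocol version so the result is unambiguous.
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Offered    = $Protocol
            Handshake  = 'OK'
            Negotiated = $ssl.SslProtocol
            CertSigAlg = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha256RSA
            Detail     = ''
        }
    }
    catch {
        # A failure means one side refused this version (or the certificate
        # did not validate); the innermost exception message says which.
        [pscustomobject]@{
            Offered    = $Protocol
            Handshake  = 'FAILED'
            Negotiated = $null
            CertSigAlg = $null
            Detail     = $_.Exception.GetBaseException().Message
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Try each version in turn; the Tls12 row is the one that must read OK.
'Tls', 'Tls11', 'Tls12' | ForEach-Object {
    Test-TlsProtocol -HostName $GatewayHost -Port $Port -Protocol $_
} | Format-Table -AutoSize
```

If the `Tls12` row fails while older versions succeed, the fix is in the server's protocol configuration, not in the store software.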

