[BlueOnyx:22194] Re: TLS 1.2 and HTTP/1.1 Upgrade For PayPal

[Ernie]

I had a couple of 5108R  servers break with Paypal over the weekend
too.

TLS 1.2 is supported, but libcurl seems to fall back to an earlier version
of TLS by default, which also seems to effect the PHP curl.so extension.

This is a pain if the programmer that wrote the site is no longer around to
do the mods required to force TLS 1.2 to be selected.


- Ernie.




> 
> Hi David,
> 
> > Has anyone done the TLS 1.2 and HTTP/1.1 update on BlueOnyx 5106R Series?
> > 
> > I know it's EOL... But is our gateway to paypal.
> Yeah, it has been EOL'ed long ago. Please migrate to BlueOnyx 5209R,
> which you can do via CMU. The instructions for that are available here:
> 
> http://www.blueonyx.it/index.php?page=cmu-migrations
> 
> Of course I can provide help with that if need be, although I'm
> currently traveling and won't be back in the office until 9th July.
> 
> There are a lot of improvements in 5209R that never made it into
> 5207R/5208R or even 5106R. To begin with we disabled TLSv1.0 and TLSv1.1
> in 5209R and only use the best chiffres. Still: As far as Paypal is
> concerned the connection between your server and the Paypal API (if you
> use the API) needs to be TLSv1.2. Depending on what shop module or
> method you use you still might need to adjust it so that TLSv1.2 is
> used. However: Typically shop modules use the best available protocol
> and chiffres after doing an auto-detect or (if not) you can configure it
> somewhere.
> 
> The OpenSSL on CentOS5 was simply too old to use some of the goodies
> that are now industry standard.
> 
> -- 
> With best regards
> 
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
> 


-- 
"I Ping therefore I am."