[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
WordPress Trac
noreply at wordpress.org
Thu Mar 24 13:04:19 UTC 2016
#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
--------------------------+-----------------------------
Reporter: reidbusi | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.4.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
WordPress' functions as called by WooCoomerce can no longer use the paypal
sandbox and as of 2016-06-17 it will no longer be able to talk to the
production paypal systems.
See comments here:
https://gist.github.com/mikejolley/0941e0882efcad64ea40
My host's comment:
>In order to utilize the TLS 1.2 cipher in accordance with Paypals new
policies. You would need to contact the developer of the plugin or your
site to have them update the cURLOPT to use TLS 1.2 specifically. It is
defaulting to TLS 1.0, but you can use up to TLS 1.2 if you specify it in
your code.
My reply to my host:
>WooCoommerce uses core WordPress functions to post to the PayPal IPN
url. So, then we need to get the WordPress core code modified to use the
proper curl settings. I have not had the best of luck getting
modifications accepted to the wordpress core in the past. Perhaps if the
request comes from someone like Hostgator they will listen?
>This will affect every single WooCommerce/WordPress site that is hosted
on your systems. On June 17th 2016 they will all stop working. I suggest
we head this off at the pass while we have the opportunity.
>Thanks for any additional help and weight you can add to the case to be
made to Auttomatic.
WordPress functions, as called by WooCommerce default to using curl with
HTTP/1.0 and TLS 1.0. These defaults need to be changed.
I will start work on a plugin to change this behaviour if possible, though
I would prefer to see this issue addressed in the core.
Please make this happen,
thanks
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36320>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list