[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed

WordPress Trac noreply at wordpress.org
Thu May 26 01:32:14 UTC 2016

#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
 Reporter:  reidbusi      |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  HTTP API      |     Version:  4.4.2
 Severity:  major         |  Resolution:  duplicate
 Keywords:                |     Focuses:

Comment (by reidbusi):

 It appears PayPal realised they were going to break large numbers of
 websites and they have backed off on the changes till June 30th 2017
 (previously June 17, 2016):

  PayPal is upgrading the protocols used to secure all external connections
 made to our systems. Transport Layer Security version 1.2 (TLS 1.2) and
 Hypertext Transfer Protocol version 1.1 (HTTP/1.1) will become mandatory
 for communication with PayPal in 2017. You will need to verify that your
 environment supports TLS 1.2 and HTTP/1.1, and if necessary make
 appropriate updates. '''DATE CHANGE - Act by June 30, 2017'''

 Though CentOS 6.8 was released today, so it is ready now:

  "PHP cURL module now supports TLS 1.1 and TLS 1.2" and "NSS now enables
 the TLS version 1.2 protocol by default"

 So hosts now have a whole year to roll it out.

Ticket URL: <https://core.trac.wordpress.org/ticket/36320#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list