[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
WordPress Trac
noreply at wordpress.org
Thu May 26 01:32:14 UTC 2016
#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
--------------------------+------------------------
Reporter: reidbusi | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: HTTP API | Version: 4.4.2
Severity: major | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Comment (by reidbusi):
It appears PayPal realised they were going to break large numbers of
websites and they have backed off on the changes till June 30th 2017
(previously June 17, 2016):
PayPal is upgrading the protocols used to secure all external connections
made to our systems. Transport Layer Security version 1.2 (TLS 1.2) and
Hypertext Transfer Protocol version 1.1 (HTTP/1.1) will become mandatory
for communication with PayPal in 2017. You will need to verify that your
environment supports TLS 1.2 and HTTP/1.1, and if necessary make
appropriate updates. '''DATE CHANGE - Act by June 30, 2017'''
https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914
Though CentOS 6.8 was released today, so it is ready now:
"PHP cURL module now supports TLS 1.1 and TLS 1.2" and "NSS now enables
the TLS version 1.2 protocol by default"
https://access.redhat.com/documentation/en-
US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/new_features_security.html
So hosts now have a whole year to roll it out.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36320#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list