quote:

---

Effective 12/31/2017, UPS will only accept TLS 1.1 and 1.2 security protocols. It is highly recommended that the most current version, TLS1.2, be implemented. After that date, any communication requests submitted to UPS using older protocols (TLS 1.0 or earlier) will fail.

---

UPS will only be accepting TLS 1.2 connections as from the end of this year. You can check your site to see if your server is TLS 1.2 compatible by entering the URL...
yourstoreurl.com/vsadmin/ppconfirm.asp?ppdebug=tls
yourstoreurl.com/vsadmin/ppconfirm.php?ppdebug=tls
You should get a response that says "INVALID", (as that shows you connected ok, but the query was rejected.) If you get any kind of error, you may need to talk to your host about updating the server.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Hi Vince,
I just get a blank page. How should I interpret that?

Michael

Hi Michael
Are you able to accept regular PayPal transactions? You could ask your host if there is a firewall blocking connection to either of these URL's...
https://ipnpb.sandbox.paypal.com/cgi-bin/webscr
https://ipnpb.paypal.com/cgi-bin/webscr
But also, while you are there can you ask them if the server is ready for TLS 1.2 connections.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

No, we don't use PayPal, we have a capture card mod. We sell on line and have trucks that deliver on-site, so inventory is in many places. So we use our accounting software to process C Cards.
So, what would you suggest to determine TLS 1.2 connections?

Just to add: both of those links when clicked on will time out

Michael

Hi Michael
It does sound like a firewall so you could as your host if that is the case, and if so would they allow connection to the URL's I mentioned. If they can do that you can use this test. (It doesn't matter that you are not using PayPal.) But if they can't then ask them if your server is set up for TLS 1.2 connections.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

You can test your Server SSL Certificate for TLS 1.2 compliance, and much more, here ...

Qualys SSL Labs =>>

Gary

Thanks Gary for the link!
I get TLS 1.2 "YES" under the configuration tab !! Woo Hoo!

So, we will see what unfolds next

Michael

I tried the first 2 links and got a blank page on both my websites. Then I tried Gary's link and both my servers/websites passed with flying colors, and use the TLS 1.2.
Thanks, Gary. I appreciate it.
Paul

Paul Schneider Jr

Hi guys, thanks for the help.

As I stated in another thread we are getting an error connected to the UPS shipping rates server and it seems intermittent.

We do our own hosting. I was actually in this thread months ago using the links test our server and the Qualsys Lab links reports we do support TLS 1.2. Here is the Protocols results of that test:
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 Yes
SSL 3 No
SSL 2 No

When I run the test script (yourstoreurl.com/vsadmin/ppconfirm.asp?ppdebug=tls) I get this message:

Testing URL: https://ipnpb.sandbox.paypal.com/cgi-bin/webscr
Error : Error, couldn't connect to https://ipnpb.sandbox.paypal.com/cgi-bin/webscr (-2147012739).
An error occurred in the secure channel support

Is the UPS error a for sure TLS problem or can it be something else as I am under the impression we are TLS 1.2 compatible.

Thanks again!

So I disabled the TLS 1.0 via registry and rebooted. Then the MSSQL (2005) service would not start. I've put it back for now but need to figure out what the deal is.

Hi xxcfdrr
I'm afraid that as here, the first version of SQL Server that supports TLS1.2 is MSSQL 2008
https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server
It's probably a good time to update that version of SQL Server as it's pretty out of date.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Hi Vince. I've upgraded our MS SQL to 2008 r2 with all patches and support for TLS 1.2. Running the scan at ssllabs I get:

TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No

When I run the test script (yourstoreurl.com/vsadmin/ppconfirm.asp?ppdebug=tls) I get this message:

Testing URL: https://ipnpb.sandbox.paypal.com/cgi-bin/webscr
Error : Error, couldn't connect to https://ipnpb.sandbox.paypal.com/cgi-bin/webscr (-2147012739).
An error occurred in the secure channel support

My checkout has been broken for me for a couple of days, yet I have received a few sporadic orders which is puzzling.

Any more ideas what can cause the shipping rate errors?

Thank you.

Hi xxcfdrr
Why did you just update the SQL Server version to 2008 R2 and not a later version? Is it because of the Windows OS version you are using? What is it as this could be the problem?

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Using Win2008 Server r2 sp1. Upgraded to SQL 2008 r2 because we already own it.

Did some more digging last night. Our UPS account works, has autopay so no problems there. Also, I'm getting this error during checkout on the actual web server and all other computers/browsers. Right now our checkout is broken and no orders are able to complete. Here is another screen shot of what is happening:



Thank you.

I think it's fixed now. I found some errors in the event log in system section each time I tried the checkout and received the UPS error.

A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

Did a search and followed the steps here:

https://social.technet.microsoft.com/Forums/ie/en-US/aaced205-b0ec-4874-b440-8075dd74d8df/a-fatal-error-occurred-while-creating-an-ssl-client-credential-the-internal-error-state-is-10013?forum=exchangesvradmin

Seems fixed! Hope this helps someone else, permissions problems are not fun.

Well done for sorting that out and thanks for letting us know the resolution.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

A note from authorize.net

As you may be aware, new PCI DSS requirements state that all payment systems must disable earlier versions of Transport Layer Security (TLS) protocols, TLS 1.0 and TLS 1.1. Authorize.Net is set to disable those protocols on February 28, 2018.

To help the merchants identify if they’re using one of the older TLS protocols, Authorize.Net will temporarily disable those connections for a few hours on January 30, 2018 and then again on February 8, 2018.

Andy

Please feel free to review / rate our software

Hi all,

Following up on this topic we notice there are important updates that need to be made by June 2018.

We are already setup on TLS 1.2 and we are currently looking into upgrading our HTTP protocol.

With regards to the below PayPal will "Discontinue Use of GET Method". POST HTTP is replacing the GET HTTP. Just checking that the template is currently setup for this?

https://www.paypal.com/au/webapps/mpp/merchant-security-roadmap

TLS 1.2 and HTTP/1.1 Upgrade

PayPal is upgrading the protocols used to secure all external connections made to our systems. Transport Layer Security version 1.2 (TLS 1.2) and Hypertext Transfer Protocol version 1.1 (HTTP/1.1) will become mandatory for communication with PayPal in 2017. You will need to verify that your environment supports TLS 1.2 and HTTP/1.1, and if necessary make appropriate updates. For information, click here.

Act by June, 2018*
4
IPN Verification Postback to HTTPS

If you are using PayPal’s Instant Payment Notification (IPN) service, you will need to ensure that HTTPS is used when posting the message back to PayPal for verification. HTTP postbacks will no longer be supported. For information, click here.

Act by June, 2018*


Discontinue Use of GET Method for Classic NVP/SOAP APIs

PayPal will no longer support the use of the GET HTTP request method for our classic NVP/SOAP APIs. If you currently use any of these APIs, you will need to ensure that your API requests only use the POST HTTP request method. For information, click here.

Act by June, 2018*

Regards

Kev

Hi Kev
Sure thing, that's all good with regard to using the POST method and HTTPS to connect.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Thanks Vince,

Regards

Kev

Hi - I am trying to get PayPal to work on a few client sites that I have setup with the ecommerce templates software. I get a blank page testing vsadmin/ppconfirm.asp?ppdebug=tls. The host uses TLS 1.2 but I'm thinking the software is defaulting to 1.0 or 1.1. Is it possible (the host is asking this) to specify TLS 1.2 and not the others in the code?