Paypal SHA-256 warning with cPanel and WordPress DAP?
I received the message below from Paypal. I'm concerned this change could interfere with my ability to process payments using some of the scripts on the server.
Quote:
Here is one of the responses I received from the developer, and below that you'll find the email Paypal sent with the issue I'm concerned about: Quote:
Yep, I understand your concern. :)
Let me address everything in detail for you... First of all, understand that both the APM developer and DAP developer are mostly full of BS. They both gave stupid responses. :screwy: When a developer feeds customers wrong (or even mostly-wrong) info, I lose respect for them. Their knowledge is suspect. :huh2: SHA-256 (part of SHA-2) is a balance between
See also: https://features.cpanel.net/topic/ge...ate-sha-1-csrs

So your server is fine. :congrats:

But that's only part of the issue. Again:

1. Does the script support it? Given the lousy response from the WordPress plugin developer, who knows? (Remember that WordPress plugins, even paid ones, are often coded by amateurs, and not companies with better/formal coding practices. The entire reason I've posted this email in the forum is to shame that developer for giving a stupid answer. I get rather tired of lazy half-wit so-called 'developers' that always give knee-jerk "It's the server's/host's fault" as a response to anything asked.)

2. Do both the SSL CA issuer -and- the SSL cert support it? I'm not aware of any CA that does not support it. If your cert is old, simply reissue it. Note that some CAs may have certs that only carry SHA-1, and to get SHA-2, you'll have to pay for a more expensive SSL (which can be used as SSL or SNI in cPanel). I'm not up-to-date on what CAs are doing, so you may need to further scrutinize your own site certs. You can use this tool: https://www.ssllabs.com/

3. Does the person's browser support it? If somebody is using an outdated browser, the person visiting the site is SOL. Nothing can be done. He/she must upgrade. For example, IE6 on Windows XP is a no-no.

__________

All this said, from my understanding, this only applies to Paypal transactions occurring from your own domain. If your domain transfers them over to https://www.paypal.com for the actual transaction, then there's nothing that you need to do. Paypal's scary emails seemingly went out to everybody processing a payment, and not just those using the "Pro" version of IPN. So if not using payment on site (your own domain appears in the URL bar), then this is all non-applicable anyway. :smack:

__________

Sometimes owning a site is overly complicated for no reason. :P