If your VPCart 8.0 site is taking Paypal payment and you recently get a TLS 1.2 warning letter from Paypal with content such as below eg:
===========================================================
Over the last two years, we have written your organization nine times to inform you of an urgent matter that now requires your immediate attention. We sent the most recent reminder to your business in April 2018.
The Payment Card Industry Security Standards Council (PCI) has issued new security standards that must be implemented by June 30, 2018. By this date, all entities must have stopped the use of SSL/early TLS as a security control in their systems and completely transitioned to a secure version of TLS encryption protocols, such as TLS 1.2.
Our records indicate that your PayPal integration is utilizing a version that is less than TLS 1.2.? You must act immediately to upgrade your PayPal integration(s) to utilize TLS 1.2 cryptographic protocol PRIOR to June 30, 2018.
Failure to upgrade your integration prior to June 30, 2018 means you will be at risk TO ACCEPT ANY PAYPAL TRANSACTIONS OR CREDIT CARD PAYMENTS PROCESSED BY PAYPAL without upgrading your payment software to support TLS 1.2.
Testing periods
Prior to June 30, 2018, PayPal will be conducting weekly testing, which emulates the upgraded security experience. These tests will provide you with an understanding of the areas of your integration that still require security protocol upgrades. If your systems have been upgraded to support TLS 1.2, you should not be impacted during the testing periods. However, if your system integrations are not currently upgraded, you may experience interruptions to PayPal services, such as payment processing and reporting. Please be advised that each test period could take several hours to complete.
Test dates are published on our Merchant Security Upgrade Testing
For further information on the TLS 1.2 upgrade, please go to? our TLS 1.2 Upgrade Microsite page or to the PCI Security Standards Council site, where a countdown to the deadline appears at the top of the site.
We urge you to make the necessary security protocol upgrades now to ensure you are ready prior to? the June 30, 2018 deadline.
If you have any questions about your PayPal integration or want to discuss remediation options, please have your technical team reach out to Merchant Support by opening a ticket through the Help & Contact page. For questions about the PCI security standards, PCI does provide contact information on their site.
===========================================================
If you are also getting the same warning email from Paypal, then you can try to check your site for the following :
NOTE:
*
Below steps are only applicable if your site already patched for TLS 1.2. If your site has not been patched for TLS 1.2 please follow the below link to install the TLS 1.2 patch:
https://helpnotes.vpcart.com/kb/71-Add-Ons/1200-TLS-12-Update/
* Below steps are only applicable if your web host is supporting TLS 1.2. If your web host is not supporting TLS 1.2, you can consider moving to our VPCart Hosting which is already TLS 1.2 compatible:
https://hosting.vpcart.com
1) If your site is taking Paypal payment, check what types of Paypal payment is activated in admin configs.
Eg
if xPaypal = Yes means it is using Paypal Standard.
if xPayPal_Express_Checkout = Yes means it is using Paypal Express
if xPayPal_Website_Payment_Pro = Yes means it is using Paypal Pro
if xpayflowlink_enable = Yes means it is using PayFlow Link
if xpayflowpro_enable = Yes means it is using PayFlow Pro
if xpppymt_enable = Yes means it is using Paypal Payment Advanced
2) For site using Paypal Standard, please do these :
2a) Backup your site file paypalcallback.asp to eg paypalcallback_05062018.asp.bak
2b) Download your site file paypalcallback.asp to your local
2c) Open winmerge and compare our latest vpcart 8.1.0.18 pack file paypalcallback.asp with your site file paypalcallback.asp.
2d) If same then no need to update for TLS.
2e) If different and it does not have this code:
'800 - 2016.02.03 - XML: To support TLS1.2
dim rheadercnt, rheadertypeary(10), rheadervalueary(10), xmlerror
rheadercnt = 0
Shopxmlhttp_v8 "auto", paypalgatewaylocation, str, responsetext, "POST", xmlerror, rheadercnt, rheadertypeary, rheadervalueary, "", ""
Then please copy all our latest code into your site file from winmerge.
2f) Save the file and upload back to your site.
3) For site using Paypal Express, please do these :
3a) Backup your site file paypalproexpress.asp
3b) Download your site file paypalproexpress.asp to your local
3c) Open winmerge and compare our latest vpcart 8.1.0.18 pack filepaypalproexpress.asp with your site file paypalproexpress.asp.
3d) If same then no need to update for TLS.
3e) If different and it does not have this code:
'800 - 2016.02.03 - XML: To support TLS1.2
dim rheadercnt, rheadertypeary(10), rheadervalueary(10)
rheadercnt = 0
Shopxmlhttp_v8 "auto", x_GatewayLocation, anrequest, resultXML, "POST", xmlerror, rheadercnt, rheadertypeary, rheadervalueary, "", ""
Then please copy all our latest code into your site file from winmerge.
3f) Save the file and upload back to your site.
4) For site using Paypal Pro, please do these :
4a) Backup your site file paypalprodpshoppayment.asp
4b) Download your site file paypalprodpshoppayment.asp to your local
4c) Open winmerge and compare our latest vpcart 8.1.0.18 pack filepaypalprodpshoppayment.asp with your file paypalprodpshoppayment.asp.
4d) If same then no need to update for TLS.
4e) If different and it does not have this code:
'800 - 2016.05.25 - Enhancement: PayPal Pro: TLS 1.2 Enabled
dim rheadercnt, rheadertypeary(10), rheadervalueary(10)
rheadercnt = 0
Shopxmlhttp_v8 "auto", x_GatewayLocation, anrequest, resultXML, "POST", xmlerror, rheadercnt, rheadertypeary, rheadervalueary, "", ""
Then please copy all our latest code into your site file from winmerge.
4f) Save the file and upload back to your site.
5) For site using PayFlow Link, please do these :
5a) Backup your site file paypalpflinkgateway.asp
5b) Download your site file paypalpflinkgateway.asp to your local
5c) Open winmerge and compare our latest vpcart 8.1.0.18 pack file paypalpflinkgateway.asp with your file paypalpflinkgateway.asp.
5d) If same then no need to update for TLS.
5e) If different and it does not have this code:
'800 - 2016.05.25 - Enhancement: PayFlow Link: TLS 1.2 Enabled
dim rheadercnt, rheadertypeary(10), rheadervalueary(10)
rheadercnt = 0
Shopxmlhttp_v8 "auto", SEcureTokenGatewayPayFlowLinkURL, payflowlink_paramlist, resultXML, "POST", xmlerror, rheadercnt, rheadertypeary, rheadervalueary, "", ""
Then please copy all our latest code into your site file from winmerge.
5f) Save the file and upload back to your site.
6) For site using PayFlow Pro, please do these :
6a) Backup your site file pfphpshoppayment.asp
6b) Download your site file pfphpshoppayment.asp to your local
6c) Open winmerge and compare our latest vpcart 8.1.0.18 pack filepfphpshoppayment.asp with your file pfphpshoppayment.asp.
6d) If same then no need to update for TLS.
6e) If different and it does not have this code:
'800 - 2016.05.25 - Enhancement: PayFlow Pro Hosted: TLS 1.2 Enabled
on error resume next
dim rheadercnt, rheadertypeary(10), rheadervalueary(10)
rheadercnt = 3
rheadertypeary(0) = "Content-Type"
rheadervalueary(0) = "text/xml"
rheadertypeary(1) = "X-VPS-Timeout"
rheadervalueary(1) = "30"
rheadertypeary(2) = "X-VPS-Request-ID"
rheadervalueary(2) = requestID
Shopxmlhttp_v8 "auto", iurl, indata, outdata, method, xmlerror, rheadercnt, rheadertypeary, rheadervalueary, "", ""
Then please copy all our latest code into your site file from winmerge.
6f) Save the file and upload back to your site.
6g) Backup your site file pfptrgateway.asp
6h) Download your site file pfptrgateway.asp to your local
6i) Open winmerge and compare our latest vpcart 8.1.0.18 pack file pfptrgateway.asp with your file pfptrgateway.asp.
6j) If same then no need to update for TLS.
6k) If different and it does not have this code:
'800 - 2016.05.25 - Enhancement: PayFlow Pro Transparent: TLS 1.2 Enabled
dim rheadercnt, rheadertypeary(10), rheadervalueary(10)
rheadercnt = 0
Shopxmlhttp_v8 "auto", SEcureTokenGatewayPayFlowProURL, payflowpro_paramlist, resultXML, "POST", xmlerror, rheadercnt, rheadertypeary, rheadervalueary, "", ""
Then please copy all our latest code into your site file from winmerge.
6l) Save the file and upload back to your site.
7) For site using Paypal Payment Advanced, please do these :
7a) Backup your site file paypalpymtgateway.asp
7b) Download your site file paypalpymtgateway.asp to your local
7c) Open winmerge and compare our latest vpcart 8.1.0.18 pack file paypalpymtgateway.asp with your file paypalpymtgateway.asp.
7d) If same then no need to update for TLS.
7e) If different and it does not have this code:
'800 - 2016.05.25 - Enhancement: PayPal Advanced: TLS 1.2 Enabled
dim rheadercnt, rheadertypeary(10), rheadervalueary(10)
rheadercnt = 0
Shopxmlhttp_v8 "auto", SEcureTokenGatewayPayPalAdvancedURL, pppaymentadv_paramlist, resultXML, "POST", xmlerror, rheadercnt, rheadertypeary, rheadervalueary, "", ""
Then please copy all our latest code into your site file from winmerge.
7f) Save the file and upload back to your site.