• This repository has been archived on 30/Dec/2019
  • Stars
    star
    148
  • Rank 249,983 (Top 5 %)
  • Language
    Java
  • License
    Other
  • Created about 9 years ago
  • Updated almost 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Documentation & tools for the upcoming TLSv1.2 required update

TLSv1.2 Requirement

The Payment Card Industry Security Standards Council (PCI SSC) mandates that all credit card processors must retire early versions of TLS from service by the PCI deadline.

As part of this requirement, PayPal and Braintree are making this upgrade alongside the rest of the payments industry. PayPal and Braintree are updating its services to require TLS 1.2 for all HTTPS connections. PayPal and Braintree will also require HTTP/1.1 for all connections.

For more official, relevant information, see the 2017-2018 Merchant Security Roadmap Microsite:

See also Updating Your Production Environment to Support TLSv1.2 on the Braintree blog.

What does this mean for PayPal and Braintree merchants?

Merchants must verify that their systems can use the TLSv1.2 protocol with a SHA-256 certificate. As a merchant, you must make sure that you are up-to-date with security updates, including current versions of operating systems, encryption libraries, and runtime environments.

To get started, use the following notes to verify the TLSv1.2 readiness in your environments:


Prerequisites

  • These checks assume that you have installed all PayPal REST- and Braintree SDK-required libraries.
  • For these checks to be valid, run them on a production system or one that exactly matches the production configuration.

Java

Java requirements

Note: Java 8 is preferred because TLSv1.2 is the default in this Java version.

Java version TLSv1.2 support Requirements
5 and earlier No support

Upgrade to Java 6 or later.

Note: Java 8 is preferred because TLSv1.2 is the default in this Java version.
6 Available
7 Available
  • You must explicitly enable TLSv1.2.
  • You might require a PayPal SDK update or code change.
    8 Default
    • No code change is required.
    • Make sure that you're using the latest PayPal SDK.

    To verify your Java and TLS versions

    1. Set the TLS version through the SSLContext class.

    2. Verify that Java runtime 6 or later is installed:

      java -version
      

      If you have Java version 5 or earlier, upgrade it.

      Note: Java 8 is preferred because TLSv1.2 is the default in this Java version.

    3. Download the TlsCheck.java and TlsCheck.jar files.

    4. In a shell on your production system, run:

      > java -jar TlsCheck.jar
      
      • On success:

        Successfully connected to TLS 1.2 endpoint.
        
      • On failure:

        Failed to connect to TLS 1.2 endpoint.
        

    Supported SDKs


    .NET

    .NET requirements

    To enable TLSv1.2, you must install the .NET framework 4.5 or later.

    To verify your .NET and TLS versions

    1. Set the TLS version through ServicePointManager.SecurityProtocol enumeration.

    2. To verify that you have .NET framework 4.5 or later, run NetFrameworkVersions on the console of your production system. If you do not have .NET 4.5 or later, upgrade it.

    3. In a shell on your production system, run TlsCheck:

      > TlsCheck.exe
      
      • On success:

        PayPal_Connection_OK
        

    Supported SDKs


    PHP

    PHP requirements

    Guidelines

    Find OpenSSL in these locations:

    1. OpenSSL installed in your operating system's openssl version.
    2. OpenSSL extension installed in your PHP. Find this in your php.ini.
    3. OpenSSL used by PHP_CURL.curl_version().

    These OpenSSL extensions can be different, and you update each one separately.

    PayPal and other PHP SDKs use the same OpenSSL extension that PHP_CURL uses to make HTTP connections. The PHP_CURL OpenSSL extension must support TLSv1.2.

    The php_curl library uses its own version of the OpenSSL library, which is not the same version that PHP uses, which is the openssl.so file in php.ini.

    To verify your PHP and TLS versions

    1. To find the openssl_version information for cURL, run:

      php -r 'echo json_encode(curl_version(), JSON_PRETTY_PRINT);'
      

      The returned php_curl version might be different from the openssl version because they are different components.

    2. When you update your OpenSSL libraries, you must update the php_curl OpenSSL version and not the OS OpenSSL version.

    3. Download cacert.pem and TlsCheck.php.

    4. In a shell on your production system, run:

      php -f TlsCheck.php
      
      • On success:

        PayPal_Connection_OK
        
      • On failure:

        curl_error information
        

    Notes:

    • Make sure that your command line test uses the same versions of PHP and SSL/TLS libraries that your web server uses.
    • If you use MAMP or XAMPP as your development set up, the PHP that is packaged with them uses an earlier version of OpenSSL, which you cannot easily update. For more information about this issue and a temporary workaround, see Unknown SSL protocol error.


    Python

    Python requirements

    • Python uses the system-supplied OpenSSL.
    • TLSv1.2 requires OpenSSL 1.0.1c or later.

    To verify your Python and TLS versions

    1. In a shell on your production system, run the command for your environment:

      • For Python 2.x:

        $ python -c "import urllib2; print(urllib2.urlopen('https://tlstest.paypal.com/').read())"
        
      • For Python 3.x:

        $ python -c "import urllib.request; print(urllib.request.urlopen('https://tlstest.paypal.com/').read())"
        
        • On success:

          PayPal_Connection_OK
          
        • On failure, an URLError is raised:

          urllib2.URLError: <urlopen error EOF occurred in violation of protocol (_ssl.c:590)>
          urllib2.URLError: <urlopen error [Errno 54] Connection reset by peer>
          

    Ruby

    Ruby requirements

    • Ruby 2.0.0 or later and OpenSSL 1.0.1c or later are required:

      • Ruby 2.0.0 or later is required to use TLSv1.2 from the system-supplied OpenSSL.
      • TLSv1.2 requires OpenSSL 1.0.1c or later.
    • To update your dependencies, you might need to run bundle update.

    PayPal legacy Ruby SDK update

    For the PayPal legacy Ruby SDK packaged as PP_Ruby_NVP_SDK.zip, download this PP_Ruby_NVP_SDK.zip.

    To verify your Ruby and TLS versions

    1. In a shell on your production system, run:

      $ ruby -r'net/http' -e 'puts Net::HTTP.get(URI("https://tlstest.paypal.com/"))'
      
      • On success:

        PayPal_Connection_OK
        
      • On failure, a OpenSSL::SSL::SSLError or EOFError is thrown.


    Node

    Node requirements

    • Node.js uses the system supplied OpenSSL.
    • TLSv1.2 requires OpenSSL 1.0.1c or later.

    To verify your Node and TLS versions

    1. In a shell on your production system, run:

      $ node -e "var https = require('https'); https.get('https://tlstest.paypal.com/', function(res){ console.log(res.statusCode) });"
      
      • On success:

        200
        
      • On failure, a network error occurs.


    Native Mobile Apps

    Android

    Android requirements

    TLSv1.2 is the default for client connections in API 20 (Android 4.4W or KITKAT - wearable extensions).

    All Android app developers must make sure that their code and PayPal or Braintree SDKs provide explicit support for TLSv1.2. To verify correct implementation, test apps on API 16 through 19 devices (Android 4.1 through 4.4 platforms).

    After the TLSv1.2 upgrade, native app support for user devices earlier than API 16 (Android 4.1 or JELLY_BEAN) are not available. Fortunately, as of April 16, 2018, Google reports 0.7% of devices accessing the Play store are API 15 or earlier.

    Users of the PayPal or Braintree Android SDKs must update to the latest version. To illustrate how to support TLSv1.2 outside of the SDK, we have provided an example Android app.

    Supported SDKs

    iOS

    TLSv1.2 support was introduced in iOS 5. The PayPal iOS SDK and the Braintree iOS SDK both require iOS 7 or later. Apps built since 2013 will likely not need any updates.

    Windows

    Neither PayPal nor Braintree support any Windows SDKs. For a web browser integration, we recommend Braintree's JavaScript SDK.

    More Repositories

    1

    glamorous

    DEPRECATED: 💄 Maintainable CSS with React
    JavaScript
    3,640
    star
    2

    junodb

    JunoDB is PayPal's home-grown secure, consistent and highly available key-value store providing low, single digit millisecond, latency at any scale.
    Go
    2,565
    star
    3

    accessible-html5-video-player

    Accessible HTML5 Video Player
    JavaScript
    2,451
    star
    4

    react-engine

    a composite render engine for universal (isomorphic) express apps to render both plain react views and react-router views
    JavaScript
    1,449
    star
    5

    squbs

    Akka Streams & Akka HTTP for Large-Scale Production Deployments
    Scala
    1,433
    star
    6

    PayPal-node-SDK

    node.js SDK for PayPal RESTful APIs
    JavaScript
    1,279
    star
    7

    paypal-checkout-components

    please submit Issues about the PayPal JS SDK here: https://github.com/paypal/paypal-js/issues
    JavaScript
    1,270
    star
    8

    gatt

    Gatt is a Go package for building Bluetooth Low Energy peripherals
    Go
    1,135
    star
    9

    PayPal-iOS-SDK

    Accept credit cards and PayPal in your iOS app
    Objective-C
    974
    star
    10

    gnomon

    Utility to annotate console logging statements with timestamps and find slow processes
    JavaScript
    932
    star
    11

    PayPal-Android-SDK

    Accept PayPal and credit cards in your Android app
    Java
    824
    star
    12

    bootstrap-accessibility-plugin

    Accessibility Plugin for Bootstrap 3 and Bootstrap 3 as SubModule
    HTML
    789
    star
    13

    PayPal-Python-SDK

    Python SDK for PayPal RESTful APIs
    Python
    702
    star
    14

    AATT

    Automated Accessibility Testing Tool
    JavaScript
    601
    star
    15

    PayPal-Ruby-SDK

    Ruby SDK for PayPal RESTful APIs
    Ruby
    593
    star
    16

    ipn-code-samples

    PHP
    561
    star
    17

    seifnode

    C++
    545
    star
    18

    PayPal-NET-SDK

    .NET SDK for PayPal's RESTful APIs
    C#
    535
    star
    19

    PayPal-Java-SDK

    Java SDK for PayPal RESTful APIs
    Java
    535
    star
    20

    data-contract-template

    Template for a data contract used in a data mesh.
    460
    star
    21

    Checkout-PHP-SDK

    PHP SDK for Checkout RESTful APIs
    PHP
    418
    star
    22

    hera

    High Efficiency Reliable Access to data stores
    Go
    289
    star
    23

    SeLion

    Enabling Test Automation in Java
    Java
    281
    star
    24

    nemo-core

    Selenium-webdriver based automation in node.js
    JavaScript
    261
    star
    25

    support

    An evented server framework designed for building scalable and introspectable services, built at PayPal.
    Python
    261
    star
    26

    PayPal-Cordova-Plugin

    PayPal SDK Cordova/Phonegap Plugin
    Objective-C
    248
    star
    27

    gimel

    Big Data Processing Framework - Unified Data API or SQL on Any Storage
    Scala
    245
    star
    28

    scala-style-guide

    Style Guidelines for PayPal Scala Applications
    240
    star
    29

    merchant-sdk-php

    PHP SDK for integrating with PayPal's Express Checkout / MassPay / Web Payments Pro APIs
    PHP
    230
    star
    30

    paypal-js

    Loading wrapper and TypeScript types for the PayPal JS SDK
    TypeScript
    229
    star
    31

    paypal-rest-api-specifications

    This repository contains the specification files for PayPal REST APIs.
    192
    star
    32

    resteasy-spring-boot

    RESTEasy Spring Boot Starter
    Java
    188
    star
    33

    Checkout-Java-SDK

    PayPal Checkout Java SDK
    Java
    182
    star
    34

    autosklearn-zeroconf

    autosklearn-zeroconf is a fully automated binary classifier. It is based on the AutoML challenge winner auto-sklearn. Give it a dataset with known outcomes (labels) and it returns a list of predicted outcomes for your new data. It even estimates the precision for you! The engine is tuning massively parallel ensemble of machine learning pipelines for best precision/recall.
    Python
    171
    star
    35

    skipto

    SkipTo is a replacement for your old classic "Skipnav" link. Once installed on a site, the script dynamically determines the most important places on the page and presents them to the user in a drop-down menu.
    HTML
    152
    star
    36

    Checkout-NET-SDK

    .NET SDK for Checkout RESTful APIs
    C#
    139
    star
    37

    cascade

    Common Libraries & Patterns for Scala Apps @ PayPal
    Scala
    129
    star
    38

    merchant-sdk-ruby

    Ruby
    110
    star
    39

    heap-dump-tool

    Tool to sanitize data from Java heap dumps.
    Java
    110
    star
    40

    NNAnalytics

    NameNodeAnalytics is a self-help utility for scouting and maintaining the namespace of an HDFS instance.
    Java
    110
    star
    41

    paypal-smart-payment-buttons

    Smart Payment Buttons
    JavaScript
    108
    star
    42

    yurita

    Anomaly detection framework @ PayPal
    Scala
    106
    star
    43

    InnerSourceCommons

    DEPRECATED - old repo for InnerSourceCommons website. Moved to https://github.com/InnerSourceCommons/innersourcecommons.org
    JavaScript
    105
    star
    44

    adaptivepayments-sdk-php

    PHP SDK for integrating with PayPal's AdaptivePayments API
    PHP
    101
    star
    45

    fullstack-phone

    A dual-module phone number system with dynamic regional metadata ☎️
    JavaScript
    90
    star
    46

    sdk-core-php

    for classic PHP SDKs.
    PHP
    87
    star
    47

    paypal-here-sdk-android-distribution

    Add credit card (swipe & key-in) capabilities to your Android app
    Java
    84
    star
    48

    merchant-sdk-dotnet

    C#
    83
    star
    49

    paypal-here-sdk-ios-distribution

    Add credit card (tap, insert, swipe & key-in) capabilities to your iOS app
    Objective-C
    82
    star
    50

    payflow-gateway

    Repository to store the Payflow Gateway and PayPal Payments Pro SDKs.
    C#
    80
    star
    51

    sdk-packages

    Binary packages for deprecated SDKs.
    77
    star
    52

    android-checkout-sdk

    Kotlin
    77
    star
    53

    Iguanas

    Iguanas is a fast, flexible and modular Python package for generating a Rules-Based System (RBS) for binary classification use cases.
    Jupyter Notebook
    74
    star
    54

    paypal-android

    One merchant integration point for all of PayPal's services
    Kotlin
    72
    star
    55

    legalize.js

    JavaScript object validation for browsers + node
    JavaScript
    70
    star
    56

    paypalcheckout-ios

    Need to add Native Checkout to your iOS Application? We can help!
    Ruby
    70
    star
    57

    paypal-sdk-client

    Shared config for PayPal/Braintree client SDKs
    JavaScript
    65
    star
    58

    load-watcher

    Load watcher is a cluster-wide aggregator of metrics, developed for Trimaran: Real Load Aware Scheduler in Kubernetes.
    Go
    63
    star
    59

    dce-go

    Docker Compose Executor to launch pod of docker containers in Apache Mesos.
    Go
    63
    star
    60

    merchant-sdk-java

    Java SDK for integrating with PayPal's Express Checkout / MassPay / Web Payments Pro APIs
    Java
    62
    star
    61

    sdk-core-java

    for classic Java SDKs.
    Java
    61
    star
    62

    paypal-ios

    One merchant integration point for all of PayPal's services
    Swift
    59
    star
    63

    gorealis

    Version 1 of a Go library for interacting with the Aurora Scheduler
    Go
    58
    star
    64

    scorebot

    CSS
    57
    star
    65

    PPExtensions

    Set of iPython and Jupyter extensions to improve user experience
    Python
    50
    star
    66

    paypal-checkout-demo

    Demo app for paypal-checkout
    JavaScript
    49
    star
    67

    dione

    Dione - a Spark and HDFS indexing library
    Scala
    49
    star
    68

    Payouts-PHP-SDK

    PHP SDK for Payouts RESTful APIs
    PHP
    49
    star
    69

    pdt-code-samples

    Visual Basic
    48
    star
    70

    butterfly

    Application transformation tool
    Java
    47
    star
    71

    Payouts-NodeJS-SDK

    NodeJS SDK for Payouts RESTful APIs
    JavaScript
    47
    star
    72

    digraph-parser

    Java parser for digraph DSL (Graphviz DOT language)
    Java
    44
    star
    73

    paypalhttp_php

    PHP
    43
    star
    74

    tech-talks

    Place for all PayPalX presentations, tech talks, and tutorials, and the sample code and apps used in those.
    ColdFusion
    38
    star
    75

    Illuminator

    iOS Automator
    Swift
    38
    star
    76

    paypal-sdk-release

    Unified SDK wrapper module for tests, shared build config, and deploy
    JavaScript
    37
    star
    77

    PayPal-REST-API-issues

    Issue tracking for REST API bugs, features, and documentation requests.
    37
    star
    78

    paypal-messaging-components

    PayPal JavaScript SDK - messaging components
    JavaScript
    37
    star
    79

    ionet

    ionet is a bridge between the Go stdlib's net and io packages
    Go
    37
    star
    80

    paypal-access

    Examples and code for PayPal Access
    Python
    36
    star
    81

    horizon

    An SBT plugin to help with building, testing, analyzing and releasing Scala
    Scala
    35
    star
    82

    Payouts-Java-SDK

    Java SDK for Payouts RESTful APIs
    Java
    35
    star
    83

    genio

    Genio is an extensible tool that can generate code to consume APIs in multiple programming languages based on different API specification formats.
    Ruby
    35
    star
    84

    mirakl-hyperwallet-connector

    The Hyperwallet Mirakl Connector (HMC) is a self-hosted solution that mediates between a Mirakl marketplace solution and the Hyperwallet (PayPal) payout platform.
    Java
    34
    star
    85

    openapilint

    Node.js linter for OpenAPI specs
    JavaScript
    31
    star
    86

    paypal-sdk-constants

    JavaScript
    27
    star
    87

    sdk-core-ruby

    Core Library for PayPal Ruby SDKs
    Ruby
    27
    star
    88

    go.crypto

    Go crypto packages
    Go
    26
    star
    89

    PayPal-PHP-SDK

    PHP SDK for PayPal RESTful APIs
    PHP
    26
    star
    90

    nemo-view

    View interface for the Nemo automation framework
    JavaScript
    26
    star
    91

    Gibberish-Detector-Java

    A small program to detect gibberish using a Markov Chain
    Java
    26
    star
    92

    nemo-accessibility

    Automate Accessibility testing within your environment (Localhost)
    JavaScript
    25
    star
    93

    Payouts-Python-SDK

    Python SDK for Payouts RESTful APIs
    Python
    25
    star
    94

    here-sideloader-api-samples

    Sideloader API samples that enable to integrate PayPal Here into other apps
    Objective-C
    24
    star
    95

    couchbasekafka

    Couchbase Kafka Adapter
    Java
    24
    star
    96

    baler

    Bundle assets into iOS static libraries
    Python
    22
    star
    97

    invoice-sdk-php

    PHP SDK for integrating with PayPal's Invoicing API
    PHP
    21
    star
    98

    Payouts-DotNet-SDK

    DotNet SDK for Payouts RESTful APIs
    C#
    20
    star
    99

    paypal-funding-components

    PayPal JavaScript SDK Funding Components
    JavaScript
    20
    star
    100

    squbs-scala-seed.g8

    Scala giter8 Template for Squbs
    Scala
    20
    star