I received an email from paypal, telling me about a change to their SSL certificates and what type of encryption they're going to be using.
It sends me to this site: https://ppmts.custhelp.com/app/answers/detail/a_id/1236
Which suggests reviewing/updating all my integrations as required.
Is there anything I actually have to do with this?
I'm on Magento 1.9.1.0 (plus the 5344 & 5994 patches).
Solved! Go to Solution.
PayPal statement is quite confusing so to simplify it for you, what they mean is they are discontinuing support for the older SSL Certificates (like everyone else is doing, starting with Google).
You need to confirm if the SSL Certificate installed in your server is based on SHA-256 (also known as SHA-2) instead of the older and insecure SHA-1. Check with your hosting provider and SSL vendor if you are unsure.
If you are still using the SHA-1 SSL Certificate, most SSL vendors will allow you to reissue the SSL Certificate to SHA-2 without any extra charge.
In short, this is mainly a server related change and has nothing to do with your application (Magento).
PayPal statement is quite confusing so to simplify it for you, what they mean is they are discontinuing support for the older SSL Certificates (like everyone else is doing, starting with Google).
You need to confirm if the SSL Certificate installed in your server is based on SHA-256 (also known as SHA-2) instead of the older and insecure SHA-1. Check with your hosting provider and SSL vendor if you are unsure.
If you are still using the SHA-1 SSL Certificate, most SSL vendors will allow you to reissue the SSL Certificate to SHA-2 without any extra charge.
In short, this is mainly a server related change and has nothing to do with your application (Magento).
Thank you. That was my interpretation, and I needed someone to confirm. And I wanted to make sure I didn't miss any sort of gotcha in the fine print.
My fear was that there might be some sort of magento patch or update that would be required.
You're welcome!
No, there shouldn't be any patch or update required as PayPal's policy covers not just Magento but other shopping carts as well.