3

I have searched the site for a similar question and have only found one which doesn't actually answer my question: here

I have an ecommerce site implemented in pure php which uses both Authorize.Net and Paypal Payments Advanced with the silent post feature in order to perform online payments. When making a purchase the user is offered either one or the other way of payment depending on some settings in an administration backend.

Because we are using Auth.Net also we have to comply to the Truswave PCI scan which won't allow SSL and TLS < 1.1. The problem is that Paypal Payflow Link does not support TLS > 1.0. The silent call fails as soon as I remove TLS1.0 from my apache config file. We need this silent post feature so that we can update our database so we must accept their post through TLS1.0. But this causes the Trustwave scan to fail.

Is there any way that I could solve this problem so that I can support both Auth.Net and PPA with silent post in this situation?

Or, if Payflow Link is an old product (as I saw they said in the other post - see above) then is there another newer way of having the information posted to our site after the transaction?

Thanks

Community
  • 1
  • 1
Puiu Ioan
  • 51
  • 2

1 Answers1

2

Not exactly an answer to the question but a self-coming solution, hopefully. I just spoke to Paypal and they said than they are working on adding tls1.2 to list of their supported protocols for Payflow Link and plan to go live with that in the fist week of june. We decided to wait until the end of june to see if this really happens, before giving up paypal.

Puiu Ioan
  • 51
  • 2
  • As of Aug 2016, it appears that while Payflow Link supports TLS 1.2, the Silent Post still requires TLS 1.0. You can only use TLS 1.1> if you don't use Silent Post. – David Lari Aug 10 '16 at 18:34