PayPal will soon impose the use of TLS 1.2 when contacting their API. This behavior has already been enforced on their Sandbox.

We have just been trapped by a side effect: after invoking the PayPal API, any subsequent calls to the AWS SDK fail.

Has anybody had the same problem and found a workaround?

Roynicolas
  • Can you show some code to give people a better idea of what, specifically, you're asking about? – thanksd Jan 29 '16 at 17:02
  • Here's a thread with code: http://stackoverflow.com/questions/35089900/winhttp-winhttprequest-5-1-does-not-work-with-paypal-sandbox-after-tls-1-2 – Phong Jan 29 '16 at 21:25

1 Answer

As noted by this discussion on the AWS developer forums, at the time of this posting TLS 1.2 is not supported by the AWS SDK. Consequently, you won't be able to move to TLS 1.2 exclusively in your application until they also implement support for it.

A workaround exists where your application's communication protocol can be manually set. In the example below, ServicePointManager.SecurityProtocol is updated to enable support for TLS 1.0, TLS 1.1, and/or TLS 1.2 in the application:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

This change should allow your application to communicate with PayPal using TLS 1.2, while falling back to older versions as necessary for communication with the AWS SDK.

Notes:

  • Manually setting this puts a burden of responsibility on you to periodically review this and eventually remove support for older TLS versions as they become unnecessary and/or security risks. This is the motivation for PCI-compliant APIs moving to TLS 1.2. Keep an eye on updates to the AWS SDK for .NET so that you'll be able to drop older TLS support as soon as possible.
  • Tls11 and Tls12 are only available in the SecurityProtocolType enum for .NET versions 4.5+.

Anthony Neace
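
`ServicePointManager.SecurityProtocol` is a static, process-wide setting, so an assignment made for one client, such as a PayPal call, also applies to every other `HttpWebRequest`-based client in the same process. The C# below is an added example, not code from the answer or from either SDK; the class `TlsStartup` and its method names are hypothetical. It applies the answer's protocol set once at startup and detects a later assignment that narrows it.

```csharp
using System;
using System.Net;

// Added illustration; TlsStartup, Enable and WasNarrowed are hypothetical names.
static class TlsStartup
{
    // The protocol set from the answer's workaround (requires .NET 4.5+).
    const SecurityProtocolType Wanted =
        SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

    // Apply the workaround once, at application startup. The property is
    // static, so this affects new connections from every library in the
    // process, not only the caller.
    public static SecurityProtocolType Enable()
    {
        ServicePointManager.SecurityProtocol = Wanted;
        return ServicePointManager.SecurityProtocol;
    }

    // True when code that ran after Enable() replaced the setting with one
    // that no longer contains every protocol in Wanted.
    public static bool WasNarrowed()
    {
        return (ServicePointManager.SecurityProtocol & Wanted) != Wanted;
    }

    static void Main()
    {
        Console.WriteLine("before:  " + ServicePointManager.SecurityProtocol);
        Console.WriteLine("enabled: " + Enable());
        Console.WriteLine("narrowed after startup: " + WasNarrowed());

        // Constructed scenario: a payment helper pins TLS 1.2 by plain
        // assignment just before its own request.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        Console.WriteLine("narrowed after helper:  " + WasNarrowed());

        // Restore the shared setting before other clients open connections.
        Console.WriteLine("restored: " + Enable());
    }
}
```

Calling `WasNarrowed()` before each non-PayPal request, or logging it periodically, shows whether a third-party helper is overwriting the shared value.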