PayPal - Ensure that your systems are SHA-256 compatible by 17 June 2016

In our company we just got this email from PayPal saying:

To avoid service interruptions, please ensure that your systems are SHA-256 compatible by 17 June 2016.

After some research, we found this page where they explain what they are doing, which among other things include an upgrade in the TLS to 1.2, and an upgrade in SSL to SHA-256.

If you are using a plugin for a major platform like WordPress or Magento, just make sure that your plugins are updated.

If you are running a very old JDK, please check for JDK compatibility at PayPal announcement. For .NET framework they support SHA-256 since version 1.1, so you (probably) don’t need to worry at all.

If you are running a recent Operating System like Windows 2012 or newer, don’t worry at all. If running old operating system, please check this SHA-256 compatibility list. You should be using an operating system that allows you to connect to SHA-256 as a client.

Just in case, you may want to check if your server has the root certificate (Verisign G5) installed:

In summary:
This upgrade requires that you have compliant hardware/software for conneting to PayPal as a CLIENT.
It is NOT related to your SSL certificate

comments powered by Disqus