Paypal Update: Action May Be Required

I've received the below email from PayPal twice now. Is this something that CS-Cart needs to take care of in the cart software, or is it something I need to take care of somehow? Looking for some clarification here… Thanks in advance.

[color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

[color=#009CDE][size=7]UPDATE: ACTION MAY BE REQUIRED: PayPal service upgrades for merchants.[/size][/color]

[/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

UPDATE: Please see an important update below in [color=#FF0000]red[/color].[/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

----[/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

Because we support our merchants in helping them grow their business, we continue to make significant investments and improvements to our infrastructure. These improvements sometimes require us to perform necessary service upgrades. [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

Please read below as we explain what the change is, and what action may be required by you.[/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

What’s happening? [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

Over the course of 2015 and 2016, PayPal will be working towards upgrading various SSL certificates. The changes include upgrading the following: [/font][/color][list]

[
]The version of the VeriSign Trusted Root Certificate used to establish secure connections to PayPal.

[*]The signing algorithm of certificates (from SHA-1 to SHA-256).

[/list][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

Why is this happening? [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

We’re taking measures to address industry-wide security concerns which aren’t unique to PayPal. When implemented, these measures can help us improve the security and reliability of our PayPal integrations and help guard against current and future security threats. [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

When is this happening? [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

We’ve published the schedule of our service upgrade plan. Please check our 2015-2016 SSL Certificate Change microsite for the most recent updates as published schedules may change. Our efforts to upgrade SSL certificates for our production endpoints are scheduled to start in May 2015, and will continue into next year. [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

[color=#FF0000]Please note – Testing in the Sandbox environment is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections signed by the G5 Root Certificate. Please review the microsite for information when SHA-256 testing is available for your integration.[/color][/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

What do I need to do? [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

For information regarding the important details of these upgrades, how it may impact your integration, and what you must do to future-proof your integration, please refer to the Merchant Security System Upgrade Guide on the microsite. [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

*Please note – If you’re impacted by this upgrade, you may be required to implement these changes prior to the dates listed on the microsite. Otherwise, you may not be able to process payments through your current integration with PayPal. In addition, if you’re integrated with a third party, please check with them on any additional steps you may need to take. [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

Questions can be directed to our Merchant Technical Services team on our Technical Support website. Click here for more information. [/font][/color][color=#717074][font=HelveticaNeueLight, HelveticaNeue-Light,]

Thanks for your patience as we continue to improve our services.[/font][/color]

Yes, can someone provide I definitive response? I've received this email too.

Hi Guys, Paypal are simply following industry standards and upgrading the SSL encryption strength. I got the same email. Honestly, I’m not sure how this would affect us.



For what its worth, I’ve already gone and done what PP are in the process of doing, namely; upgrading my SSL on my website to SHA-2 encryption strength. I also went to the extra effort of getting “Extended Validation” - where the address bar in the browser turns a pretty green and your company name is displayed. Just some reassurance for my customers. :-)



SSL encryption strength has no bearing on CS Cart - it’s merely the strength of security when the data is encrypted (whatever data that may be) In other words, SSL doesnt care what the data is, it simply protects. Kind of like Justin Beibers bodyguards. They dont care who he is, they just gotta look after him. :-)

To test in the sandbox, do we just change the mode from live to test and submit a transaction?