The Internet Security Changes and Your Sellerdeck Site
Over the next couple of years the security protocol used across the internet, and particularly for handling online payments, is being upgraded. Earlier encryption protocols used to create secure internet connections (SSL, TLS v1.0 and TLS v1.1) are being replaced by TLS v1.2. At the same time, at least one payment service provider (PayPal) is enforcing an upgrade to the HTTP protocol used for information transfer, to HTTP v1.1.
This document explains the changes and their implications for Sellerdeck users.
What is TLS?
Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are both generally referred to as ‘SSL’. They basically enable two applications to communicate securely, protecting both the security of the user and the integrity of the information.
The first version of TLS officially replaced SSL from June 2015. The latest version, v1.2, is already used by many applications. From June 2017 application providers, including all payment gateways, will begin to withdraw support for older versions. This transition will be completed in June 2018.
What is HTTP?
Hypertext Tranfer Protocol (HTTP) is the language used for the transfer of information across the internet.
HTTP v1.1 was officially released as long ago as January 1997. The earlier v1.0 is still generally supported, however PayPal have announced they will withdraw support for this at the same time as TLS v1.0.
Will my site be affected?
The change might affect your business if you:
- use a payment gateway, including PayPal, on your website;
- use Sellerdeck Payments or PayPal in Sellerdeck Desktop;
- use GFS for shipping.
What do I need to do?
Depending upon which version of Sellerdeck and which services you are using, you might need to take a number of actions.
Please read the following notes carefully to find out how these changes impact you. If you have any queries, please contact Sellerdeck on security@sellerdeck.com for further assistance.
Sellerdeck 2016 (v16.0.2) and above
- If you are using Sellerdeck Hosting, you do not need to take any action. Your installation fully supports TLS v1.2 for GFS and all payment services including Sellerdeck Payments and PayPal.
- If you are not using Sellerdeck Hosting, please ask your web host if they support TLS v1.2. If they do not, they will need to implement it on your website.
Sellerdeck 2016 (v16.0.0 / v16.0.1)
- If you use or intend to use Sellerdeck Payments, PayPal, or the GFS Integrated Shipping service, upgrade to Sellerdeck 2016 (v16.0.3).
If your site has any Sellerdeck plugins and/or custom code that use PHP, they may be affected by this upgrade. Please check with your plugin provider / web designer before applying the upgrade to your site.
- If you are not using Sellerdeck Hosting, please ask your web host if they support TLS v1.2. If they do not, they will need to implement it on your website.
Sellerdeck 2014 (all versions)
- If you use Sellerdeck Payments or GFS, you need to upgrade the version of PHP embedded in your Sellerdeck installation. This can be achieved using the Sellerdeck PHP Upgrade Installer (free from Support for Sellerdeck Cover, Hosting and Payments subscribers, or call 0845 129 4888).
If your site has any Sellerdeck plugins and/or custom code that use PHP, they may be affected by the upgrade. Please check with your plugin provider / web designer before applying the upgrade.
- If you are not using Sellerdeck Hosting, please ask your web host if they support TLS v1.2. If they do not, they will need to implement it on your website.
Sellerdeck v11.0.4 to 2013 (all versions)
- If you use Sellerdeck Payments, you need to upgrade the version of PHP embedded in your Sellerdeck installation. This can be achieved using the Sellerdeck PHP Upgrade Installer (free from Support for Sellerdeck Cover, Hosting and Payments subscribers, or call 0845 129 4888).
- If your site has any Sellerdeck plugins and/or custom code that use PHP, they may be affected by the upgrade. Please check with your plugin provider / web designer before applying the upgrade.
- If you are not using Sellerdeck Hosting, please ask your web host if they support TLS v1.2. If they do not, they will need to implement it on your website.
Sellerdeck v11 prior to v11.0.4
- If you are using both PayPal and Sellerdeck Payments, we strongly recommend upgrading to the latest version of Sellerdeck Desktop.
If your site has any Sellerdeck plugins and/or custom code that use PHP, they may be affected by this upgrade. Please check with your plugin provider / web designer before applying the upgrade to your site.
- If you are using PayPal for online payments, but not Sellerdeck Payments, then you can upgrade to Sellerdeck v 11.0.4 to enable support for http v1.1.
- If you are using Sellerdeck Payments then you need an upgrade to the version of PHP embedded in your Sellerdeck installation. This can be achieved using the Sellerdeck PHP Upgrade Installer (free from Support for Sellerdeck Cover, Hosting and Payments subscribers, or call 0845 129 4888).
If your site has any Sellerdeck plugin and/or custom code that uses PHP, this may be affected by the upgrade. Please check with our plugin provider / web designer.
- If you are not using Sellerdeck Hosting, please check with your web host that they support TLS v1.2.
Versions Prior to v11
- Your currrent version does not support TLS v1.2 on the desktop, and cannot be upgraded to support HTTP v1.1 on the website. If you use PayPal or Sellerdeck Payments, we recommend that you upgrade to the latest version of Sellerdeck Desktop.
- If you are not using Sellerdeck Hosting, please check with your web host that they support TLS v1.2.
For more information please see: Background to The Internet Security Changes
Details of the original article can be found on the SellerDeck Forum at https://community.sellerdeck.com/forum/knowledge-base/online-store-issues/58774-the-internet-security-changes-and-your-sellerdeck-site