For the last week we have had problems when our customers are paying via PayPal. Paypal takes the payment successfully but when the customer is returned to our website they are greeted with this message:
[purple]
Sorry, your payment was not successful.
Reason for failure:
If you need any help with your purchase, then please be sure to contact us.
Error, couldn't connect to https://www.paypal.com/cgi-bin/webscr (-2147012739).<br />An error occurred in the secure channel support [/purple]

We don't receive an email to say the order has gone through, I'm guessing because the system thinks it wasn't successful but Paypal definitely takes the payments. When we log in to vsadmin the status of the order is showing as "Unauthorized".

I suspect this has to do with the security changes at Paypal (https://www.paypal.com/au/webapps/mpp/merchant-security-roadmap)

As a result of the error we were getting, we purchased and ran the latest e-commerce templates updater but it has not made any difference to the Paypal error.

I notice another thread has recent paypal issues (https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=110195)

I have gone to /vsadmin/ppconfirm.asp?ppdebug=tls and get the following message:

[purple]Testing URL: https://ipnpb.sandbox.paypal.com/cgi-bin/webscr
Error : Error, couldn't connect to https://ipnpb.sandbox.paypal.com/cgi-bin/webscr (-2147012739).
An error occurred in the secure channel support [/purple]

I have tested our Secure Server at SSLLabs and get the following result:
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 No
SSL 3 No
SSL 2 No

How do we fix this issue? What exactly is the problem? is it e-commerce templates, our host or paypal?
Help!

Hi

A similar error was reported here recently https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=109267

Do you know what version of Windows server your host is running?

Andy

Please feel free to review / rate our software

to be honest, no.
is there an easy way to tell what version of windows server we're running or do i need to contact our host?

Probably best to contact your host so they can give you the exact details.

Andy

Please feel free to review / rate our software

It might also be worth contacting PayPal as the problem is likely to be TLS1.2 related https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=110195&whichpage=3 and as you can't receive payments it can be a level 1 support ticket.

Andy

Please feel free to review / rate our software

reply from hosts:
Currently your domain name is on IIS 8. Your shared SSL is Full 128-bit SSL encryption.

A quick lookup by me returns: Microsoft-IIS/7.5

Our payments are being accepted, but it appears to the customer that they are not, we don't get any updates, and the status of the order is showing as "Unauthorized".

When I run /vsadmin/ppconfirm.asp?ppdebug=tls and get the following message:
[purple]Testing URL: https://ipnpb.sandbox.paypal.com/cgi-bin/webscr
Error : Error, couldn't connect to https://ipnpb.sandbox.paypal.com/cgi-bin/webscr (-2147012739).
An error occurred in the secure channel support [/purple]

Why is that? This is a test page written by e-commerce templates so, what does that result tell us?

It suggests that there is a connection problem between your server and PayPal, as this started last week it is almost certainly TLS1.2 related as that's when PayPal made their changes. With another customer I contacted PayPal to see if they could help and they said they were willing to offer support with it being a payment issue between themselves and you server.

Andy

Please feel free to review / rate our software

Hi
This problem is still going on.
After much to-ing and fro-ing with Paypal, they are insistant that the issue does not lie with them, to quote "I would suggest you to contact the E-commerce platform provider on getting this fix."

• Our email address set up in the Payment Providers option matches the Paypal email.


• Within Paypal, the IPN has been setup to go to the https section of the site.


• The Paypal auto return address was set to the https server also - although I have now switched this off as it's too annoying for our customers

IPNs are being sent by Paypal (I can see them in the IPN log on Paypal) but it appears that ECT is not picking them up. Is there a way of testing the ECT Paypal verification is working properly?

I think PayPal are suggesting contacting the Ecommerce Platform provider as many stores use a hosted solution these days and the problem lies with the TLS1.2 support on the server - for a hosted store that would be a problem with the provider on a licensed store that would be the company providing the hosting. We have a TLS1.2 check here https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=107642 and you'll see that http://www.yourstoreurl.com/shop/vsadmin/ppconfirm.asp?ppdebug=tls fails the test

Your host should only have TLS1.2 available so I would ask if they can remove TLS1.1 as there's no reason now to offer that now.

Andy

Please feel free to review / rate our software

Our secure server is a shared server; I currently have a support ticket with our host but their response so far is that, because its a shared server, they are not prepared to switch off TLS 1.1: "We can't disable TLS 1.1 on the server because it would affect all customers and we might have some customers still using it."

They also stated this though: "TLS 1.2 is the default TLS. If the script is not specifying to use TLS 1.1, it should be using TLS 1.2 by default. "
Is there any chance at all that somewhere in the code of ppconfirm.asp (or linked pages) that the system is being forced to use TLS 1.1? Any chance at all? Because to me, what our host says makes sense... if TLS 1.2 is the default why would having 1.1 affect it?

For info, I've had a look at the "orders" table within the database. The IPNs were successfully being received up to 28th June 2018. Beyond that date no paypal orders received the IPN information, they come up as "no ipn". This date coincides with Paypal insisting that TLS 1.2 is used.

Your host really shouldn't support TLS1.1 for security reasons - I can't see why they would want to. There was a post near the end of the thread here though https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=110453 that may help.

Andy

Please feel free to review / rate our software

Funnily enough I spotted that one yesterday, and have updated my support ticket with them with a link to the article.
I shall wait and see what they say.
thanks

Please let us know and hopefully that will be sorted for you.

Andy

Please feel free to review / rate our software