Moodle affected by the Paypal IPN change?

Moodle affected by the Paypal IPN change?

by Joseph Thibault -
Number of replies: 4
Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers

From Paypal:

PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.
 
This upgrade is scheduled for 9/30/2015 however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Does this affect Moodle's Paypal Enrollment method?
Average of ratings: Useful (2)
In reply to Joseph Thibault

Re: Moodle affected by the Paypal IPN change?

by Floyd Saner -
Joe,


I have the same question and hope someone can give a definitive answer. 

From what I understand, the issue arises only if IPN is used, and it refers to the type of security certificate on your Moodle site.  If you are not using IPN, then it is not an issue.  I have IPN turned off on my PayPal account, but I saw one forum post that said the IPN reference is embedded in the Moodle code.  I'm not certain if that is correct or not.

What I don't know is how PayPal notifies Moodle that payment has been made and it is OK to enroll a student in the course that was purchased.  

Any up-to-date browser will support SHA-256, and I suspect most, if not all, up-to-date certificates support SHA-256.  I believe PayPal is covering themselves with this notification.... just in case.  But it is causing many, many people to wonder whether or not they need to do anything.

Let's hope someone with good authority on the topic weighs in here.

Floyd

Average of ratings: -
In reply to Floyd Saner

Re: Moodle affected by the Paypal IPN change?

by Floyd Saner -

Submitting an update to my post....

I believe the main issue here is not Moodle, but the server configuration and the SSL certificate.  You can test your certificate at https://www.sha2sslchecker.com/

My certificate checks out OK, as well as those of my clients.

Floyd

Average of ratings: Useful (1)
In reply to Joseph Thibault

Re: Moodle affected by the Paypal IPN change?

by Dave Emsley -

Just dropped in to ask the same question

Average of ratings: -