Payment processor update

All payment systems must disable early TLS by 2018. As part of this requirement, PayPal, Authorize.Net and Braintree are updating their services to require TLS 1.2 for all HTTPS connections along with requiring HTTP/1.1 for all connections.
If you are a Cividesk customer there is nothing to be alarmed about. As part of our service, Cividesk will take care of these changes. For non-customers, you need to make sure your CiviCRM is all set with this change which you could do by doing the following checks.

What does this mean?

 You must make sure that you are up-to-date with security updates, including current versions of operating systems, encryption libraries, and runtime environments.
To get started, use the following notes to verify the TLSv1.2 readiness in your environments:

PHP requirements


Find OpenSSL in these locations:
  1. OpenSSL installed in your operating system's openssl version.
  2. OpenSSL extension installed in your PHP. Find this in your php.ini.
  3. OpenSSL used by PHP_CURL.curl_version().
These OpenSSL extensions can be different, and you update each one separately.
PayPal and other PHP SDKs use the same OpenSSL extension that PHP_CURL uses to make HTTP connections. The PHP_CURL OpenSSL extension must support TLSv1.2.
The php_curl library uses its own version of the OpenSSL library, which is not the same version that PHP uses, which is the file in php.ini.

To verify your PHP and TLS versions

  1. To find the openssl_version information for cURL, run:
    php -r 'echo json_encode(curl_version(), JSON_PRETTY_PRINT);'
  2. The returned php_curl version might be different from the openssl version because they are different components.
  3. When you update your OpenSSL libraries, you must update the php_curl OpenSSL version and not the OS OpenSSL version.
  4. Download cacert.pem and TlsCheck.php.
  5. In a shell on your production system, run:
    php -f TlsCheck.php
  • On success:

  • On failure:

    curl_error information
  • Make sure that your command line test uses the same versions of PHP and SSL/TLS libraries that your web server uses.
  • If you use MAMP or XAMPP as your development set up, the PHP that is packaged with them uses an earlier version of OpenSSL, which you cannot easily update. For more information about this issue and a temporary workaround, see Unknown SSL protocol error.


Plans to disable TLS 1.0 and TLS 1.1 on the following dates :
PayPal: June 30, 2017
Braintree: June 30, 2017
Authorize.Net Sandbox: April 30, 2017
Authorize.Net Production: September 18, 2017