Reputation: 537
No later than June 30th everyone using PayPal's Payflow Pro integration must be using TLS 1.2.
Our current implementations are Windows COM DLLs built in VB6. To get around that limitation we're rebuilding them in C#.NET using .NET Framework 4.6.1.
I rebuilt them and started testing and noticed that my DLL is not communicating over TLS 1.2.
Our problem is that 4.6.1 supports TLS 1.2 by default... except when we are using these as COM DLLs. They seem to take on server settings, so I can see the server they are on is using SSL and TLS.
Per other SO recommendations I am able to set ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12.
Yeah, this works, except...
So this is a static setting, and essentially changes this value on "the server" as a whole.
We need to publish these DLLs to all of our web servers and these servers need to support other protocols at this time even though Paypal is requiring communication come over TLS 1.2 only.
I'm just not sure what exactly this is doing to the server settings. Is forcing TLS 1.2 for Paypal then going to prevent other traffic from coming in?
I don't have any option for this implementation at this time. They have to be DLLs to replace the old ones since we have hundreds of applications referencing these DLLs and we can't come up with a more modern solution because that would require too much more time and then the touching of every application's code (old legacy system).
I can't grab the current setting, change it for the PayPal call, then put it back, because with so many calls to these DLLs it could already be in a 1.2 state from another call.
Is this the only way I'm going to be able to force TLS 1.2 communication with Paypal Payflow Pro and if so, is that setting going to disrupt communication for all of the other less restrictive web traffic? I just don't have a good grip on what this setting does and what it will affect.
Upvotes: 2
Views: 444
Reputation: 537
Our IT team was none too helpful with this so I had to handle it via code. I'm pretty sure there is a way to get the server to do this by default, but since I couldn't get any internal help, this is what I did:
What I did was make sure that TLS 1.2 was enabled when instantiating an instance of my class within the DLL, as follows:
    public class myClassConstructor
    {
        public myClassConstructor()
        {
            // instantiate class process...
            // Call the process to be sure TLS 1.2 is enabled
            HelperMethods.SetSecurityProtocol();
        }
    }

    public static class HelperMethods
    {
        public static void SetSecurityProtocol()
        {
            // Verify if TLS 1.2 is enabled for this process. If not, add it to the current
            // collection of available protocols (|= keeps whatever is already enabled)
            if (!System.Net.ServicePointManager.SecurityProtocol.HasFlag(System.Net.SecurityProtocolType.Tls12))
            {
                System.Net.ServicePointManager.SecurityProtocol |= System.Net.SecurityProtocolType.Tls12;
            }
        }
    }
Upvotes: 0
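The following is an added example, not the asker's DLL code or anything from PayPal. It is meant to answer the two practical worries in the question and the answer: what the static ServicePointManager.SecurityProtocol flag actually changes, and how to confirm that the machine can really negotiate TLS 1.2 with the Payflow endpoint. The pure EnsureTls12 helper reproduces the answer's |= arithmetic for several starting values without touching global state, including the value 0 (SystemDefault on .NET 4.7+, written as a cast because the name does not exist in 4.6.1), where HasFlag is false and the OR leaves TLS 1.2 as the only enabled outbound protocol. ApplyTls12 changes the process-wide setting; that setting governs only outbound client connections made through System.Net from this process (HttpWebRequest, WebClient, HttpClient on .NET Framework) and has no effect on the TLS the IIS listener accepts from inbound clients, which is configured through SCHANNEL. NegotiatedProtocol is an independent check that opens an SslStream handshake restricted to TLS 1.2 and reports what was negotiated; it needs network access, and the host name is a command-line argument because the Payflow endpoint is not named in the thread (assumption: any host that speaks TLS 1.2).

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

// Added example: inspect and verify the process-wide SecurityProtocol flag.
public static class Tls12Check
{
    // Pure helper mirroring the answer's |= logic, so the resulting protocol set
    // can be inspected for any starting value without changing global state.
    public static SecurityProtocolType EnsureTls12(SecurityProtocolType current)
    {
        return current.HasFlag(SecurityProtocolType.Tls12)
            ? current
            : current | SecurityProtocolType.Tls12;
    }

    // Applies the change to the process-wide setting and returns the new value.
    // Only outbound System.Net client connections from this process are affected;
    // inbound IIS TLS is governed by the OS SCHANNEL configuration, not by this flag.
    public static SecurityProtocolType ApplyTls12()
    {
        ServicePointManager.SecurityProtocol = EnsureTls12(ServicePointManager.SecurityProtocol);
        return ServicePointManager.SecurityProtocol;
    }

    // Independent check that bypasses ServicePointManager: perform a handshake
    // restricted to TLS 1.2 and report what the OS actually negotiated. If this
    // throws AuthenticationException, the client side of TLS 1.2 is not usable
    // on this machine (e.g. disabled in SCHANNEL) and the flag alone will not help.
    // Requires network access to the given host.
    public static SslProtocols NegotiatedProtocol(string host, int port = 443)
    {
        using (var client = new TcpClient(host, port))
        using (var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false))
        {
            ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, checkCertificateRevocation: true);
            return ssl.SslProtocol;
        }
    }

    public static void Main(string[] args)
    {
        // Offline part: what the OR produces for typical starting values.
        var startingValues = new[]
        {
            SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls,                                    // pre-4.6 default
            SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12,      // 4.6 default
            (SecurityProtocolType)0                                                                 // SystemDefault (4.7+)
        };
        foreach (var start in startingValues)
        {
            Console.WriteLine("{0,-20} -> {1}", start, EnsureTls12(start));
        }

        Console.WriteLine("Process-wide setting is now: " + ApplyTls12());

        // Optional network part: confirm the handshake with the host given on the command line.
        if (args.Length == 0)
        {
            Console.WriteLine("Pass a host name to test a TLS 1.2 handshake against it.");
            return;
        }
        try
        {
            Console.WriteLine("Negotiated with " + args[0] + ": " + NegotiatedProtocol(args[0]));
        }
        catch (AuthenticationException ex)
        {
            Console.WriteLine("TLS 1.2 handshake failed: " + ex.Message);
        }
        catch (SocketException ex)
        {
            Console.WriteLine("Could not connect: " + ex.Message);
        }
    }
}
```

Run it once with no arguments to see the flag arithmetic, then with the Payflow host name to check the handshake from the actual web server. Because the flag is read when a connection is created, the DLL's constructor-time |= approach above is safe to repeat from many callers: every call leaves TLS 1.2 enabled and never removes a protocol another caller relied on, with the one exception of a starting value of 0, which the first column of the output makes visible.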