PayPal demands PCI DSS Compliance with TLS 1.2 but misses the cut!

Whoops!

PayPal warns that if you don’t support TLS 1.2 you won’t be able to process payments with them, but what happens if they don’t support it themselves?!

PayPal has sent numerous dire e-mails for a very long time, which seem not to be based on the current status of a client’s web server support of TLS 1.2, because we keep getting these messages:

[Image: Paypal-doesnt-support-tls1.2]

Until I allowed TLSV1 again on our e-mail servers I couldn’t even receive e-mails from PayPal because most of their mailservers only support TLSV1! Now don’t get me wrong, the e-mail is talking about our web server support of TLSV1.2 and NOT the e-mail server. But we still can’t help but find it ironic and silly that enabling TLSV1.2 on our e-mail servers actually stops us from receiving e-mails from PayPal. At the time of this writing, clearly almost all of PayPal’s e-mail servers were unable to support TLS 1.2.

SSL_accept error from mx0.phx.paypal.com[66.211.168.230]: -1

The above error is happening simply because my mailserver doesn’t support the old TLS version, but because of PayPal we had to re-enable it or risk losing all e-mails from PayPal.

See the slew of failed attempts for PayPal’s e-mail servers to negotiate a TLS 1.2 connection with our e-mail server.  The problems only went away and we only began receiving e-mail once we allowed TLS V1 on our e-mail servers.

Jul  8 19:44:10 mailserver postfix/smtpd[12548]: connect from mx0.slc.paypal.com[173.0.84.225]
Jul  8 19:44:10 mailserver postfix/smtpd[12548]: EAC4517C1BD4: client=mx0.slc.paypal.com[173.0.84.225]
Jul  8 19:44:11 mailserver postfix/cleanup[12467]: EAC4517C1BD4: message-id=<1531093449.18638@paypal.com>
Jul  8 19:44:11 mailserver postfix/qmgr[31105]: EAC4517C1BD4: from=<service@intl.paypal.com>, size=69603, nrcpt=2 (queue active)
Jul  8 19:44:11 mailserver spamd[22134]: spamd: processing message <1531093449.18638@paypal.com> for mailuser:501
Jul  8 19:44:11 mailserver spamd[22134]: spamd: result: . -5 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,T_REMOTE_IMAGE,USER_IN_DEF_DKIM_WL scantime=0.4,size=68691,user=mailuser,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52653,mid=<1531093449.18638@paypal.com>,autolearn=no
Jul  8 19:44:12 mailserver postfix/pickup[12218]: 0CD3017C2C18: uid=501 from=<service@intl.paypal.com>
Jul  8 19:44:12 mailserver postfix/cleanup[12467]: 0CD3017C2C18: message-id=<1531093449.18638@paypal.com>
Jul  8 19:44:12 mailserver postfix/qmgr[31105]: 0CD3017C2C18: from=<service@intl.paypal.com>, size=70015, nrcpt=2 (queue active)
Jul  8 19:44:14 mailserver dovecot: lda(user@domain.com): msgid=<1531093449.18638@paypal.com>: saved mail to INBOX
Jul  8 19:44:16 mailserver postfix/smtpd[12548]: disconnect from mx0.slc.paypal.com[173.0.84.225]
Jul  8 19:44:16 mailserver dovecot: lda(user@domain.com): msgid=<1531093449.18638@paypal.com>: saved mail to INBOX
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: connect from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: SSL_accept error from mx3.slc.paypal.com[173.0.84.228]: -1
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: disconnect from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: connect from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: SSL_accept error from mx3.slc.paypal.com[173.0.84.228]: -1
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: disconnect from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: connect from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: SSL_accept error from mx0.phx.paypal.com[66.211.168.230]: -1
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: disconnect from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:50:01 mailserver postfix/smtpd[12548]: connect from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:50:01 mailserver postfix/smtpd[12548]: SSL_accept error from mx0.phx.paypal.com[66.211.168.230]: -1
Jul  8 19:50:01 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:50:01 mailserver postfix/smtpd[12548]: disconnect from mx0.phx.paypal.com[66.211.168.230]
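
One way to tally which sending hosts fail the STARTTLS handshake in a log like the one above, as an added example that is not part of the original post: the Python below pairs each "SSL_accept error" with the following "lost connection after STARTTLS" from the same smtpd process and peer, and counts queued messages from the "client=" lines. The function names are hypothetical and the sample input is a subset of the log lines shown above.

```python
import re
from collections import defaultdict

# Subset of the smtpd lines from the log excerpt above, embedded so this runs offline.
SAMPLE_LOG = """\
Jul  8 19:44:10 mailserver postfix/smtpd[12548]: EAC4517C1BD4: client=mx0.slc.paypal.com[173.0.84.225]
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: SSL_accept error from mx3.slc.paypal.com[173.0.84.228]: -1
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: SSL_accept error from mx3.slc.paypal.com[173.0.84.228]: -1
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: SSL_accept error from mx0.phx.paypal.com[66.211.168.230]: -1
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx0.phx.paypal.com[66.211.168.230]
"""

PEER = r"(?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]"
TLS_ERR = re.compile(r"SSL_accept error from " + PEER)
LOST = re.compile(r"lost connection after STARTTLS from " + PEER)
ACCEPTED = re.compile(r"\w+: client=" + PEER)  # queue ID, then the sending client
SMTPD = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def summarize(log_text):
    """Return {(host, ip): {"tls_failed": n, "accepted": n}} per smtpd client."""
    stats = defaultdict(lambda: {"tls_failed": 0, "accepted": 0})
    pending = set()  # (pid, host, ip) with an SSL_accept error awaiting the disconnect
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue  # not an smtpd line (spamd, qmgr, dovecot, ...)
        pid, msg = m["pid"], m["msg"]
        if (err := TLS_ERR.match(msg)):
            pending.add((pid, err["host"], err["ip"]))
        elif (lost := LOST.match(msg)):
            key = (pid, lost["host"], lost["ip"])
            if key in pending:  # count only when the error preceded the drop
                pending.discard(key)
                stats[(lost["host"], lost["ip"])]["tls_failed"] += 1
        elif (acc := ACCEPTED.match(msg)):
            stats[(acc["host"], acc["ip"])]["accepted"] += 1
    return dict(stats)

def tls_only_failures(stats):
    """Hosts that failed the handshake at least once and never queued a message."""
    return sorted(h for (h, _), s in stats.items() if s["tls_failed"] and not s["accepted"])

if __name__ == "__main__":
    for (host, ip), s in summarize(SAMPLE_LOG).items():
        print(f"{host} [{ip}]: {s['tls_failed']} failed handshakes, {s['accepted']} accepted")
    print("never delivered:", tls_only_failures(summarize(SAMPLE_LOG)))
```

Run over the full mail log, the same tally shows which senders are affected by a change in the TLS versions the server accepts.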

Are you a PayPal user? What are your thoughts?

Cheers,
A.Yasir
