PayPal demands PCI DSS Compliance with TLS 1.2 but misses the cut!

Whoops!

PayPal warns that if you don’t support TLS 1.2 you won’t be able to process payments with them, but what happens if they don’t support it themselves?!

For a very long time PayPal has sent numerous dire e-mails, which seem not to be based on the current status of a client’s web server support of TLS 1.2, because we keep getting these messages:

[Image: Paypal-doesnt-support-tls1.2]

Until I allowed TLSV1 again on our e-mail servers I couldn’t even receive e-mails from PayPal because most of their mailservers only support TLSV1! Now don’t get me wrong, the e-mail is talking about our web server support of TLSV1.2 and NOT the e-mail server. But we still can’t help but find it ironic and silly that enabling TLSV1.2 on our e-mail servers actually stops us from receiving e-mails from PayPal. At the time of this writing, clearly almost all of PayPal’s e-mail servers were unable to support TLS 1.2.

SSL_accept error from mx0.phx.paypal.com[66.211.168.230]: -1

The above error is happening simply because my mailserver doesn’t support the old TLS version, but because of PayPal we had to re-enable it or risk losing all e-mails from PayPal.

See the slew of failed attempts by PayPal’s e-mail servers to negotiate a TLS 1.2 connection with our e-mail server. The problems only went away, and we only began receiving e-mail, once we allowed TLS V1 on our e-mail servers.

Jul  8 19:44:10 mailserver postfix/smtpd[12548]: connect from mx0.slc.paypal.com[173.0.84.225]
Jul  8 19:44:10 mailserver postfix/smtpd[12548]: EAC4517C1BD4: client=mx0.slc.paypal.com[173.0.84.225]
Jul  8 19:44:11 mailserver postfix/cleanup[12467]: EAC4517C1BD4: message-id=<1531093449.18638@paypal.com>
Jul  8 19:44:11 mailserver postfix/qmgr[31105]: EAC4517C1BD4: from=<service@intl.paypal.com>, size=69603, nrcpt=2 (queue active)
Jul  8 19:44:11 mailserver spamd[22134]: spamd: processing message <1531093449.18638@paypal.com> for mailuser:501
Jul  8 19:44:11 mailserver spamd[22134]: spamd: result: . -5 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,T_REMOTE_IMAGE,USER_IN_DEF_DKIM_WL scantime=0.4,size=68691,user=mailuser,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52653,mid=<1531093449.18638@paypal.com>,autolearn=no
Jul  8 19:44:12 mailserver postfix/pickup[12218]: 0CD3017C2C18: uid=501 from=<service@intl.paypal.com>
Jul  8 19:44:12 mailserver postfix/cleanup[12467]: 0CD3017C2C18: message-id=<1531093449.18638@paypal.com>
Jul  8 19:44:12 mailserver postfix/qmgr[31105]: 0CD3017C2C18: from=<service@intl.paypal.com>, size=70015, nrcpt=2 (queue active)
Jul  8 19:44:14 mailserver dovecot: lda(user@domain.com): msgid=<1531093449.18638@paypal.com>: saved mail to INBOX
Jul  8 19:44:16 mailserver postfix/smtpd[12548]: disconnect from mx0.slc.paypal.com[173.0.84.225]
Jul  8 19:44:16 mailserver dovecot: lda(user@domain.com): msgid=<1531093449.18638@paypal.com>: saved mail to INBOX
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: connect from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: SSL_accept error from mx3.slc.paypal.com[173.0.84.228]: -1
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: disconnect from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: connect from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: SSL_accept error from mx3.slc.paypal.com[173.0.84.228]: -1
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: disconnect from mx3.slc.paypal.com[173.0.84.228]
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: connect from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: SSL_accept error from mx0.phx.paypal.com[66.211.168.230]: -1
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:49:12 mailserver postfix/smtpd[12548]: disconnect from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:50:01 mailserver postfix/smtpd[12548]: connect from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:50:01 mailserver postfix/smtpd[12548]: SSL_accept error from mx0.phx.paypal.com[66.211.168.230]: -1
Jul  8 19:50:01 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx0.phx.paypal.com[66.211.168.230]
Jul  8 19:50:01 mailserver postfix/smtpd[12548]: disconnect from mx0.phx.paypal.com[66.211.168.230]
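
To see which sending hosts are failing the TLS handshake and whether any of their mail gets through, the smtpd lines can be tallied per client. The script below is an added example, not part of the original post; the sample log is constructed in the same Postfix format, with placeholder hostnames and addresses, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same Postfix smtpd format as the log above.
# Hostnames and addresses are documentation placeholders, not real senders.
SAMPLE_LOG = """\
Jul  8 19:44:10 mailserver postfix/smtpd[12548]: connect from mx-a.example.net[192.0.2.10]
Jul  8 19:44:10 mailserver postfix/smtpd[12548]: EAC4517C1BD4: client=mx-a.example.net[192.0.2.10]
Jul  8 19:44:16 mailserver postfix/smtpd[12548]: disconnect from mx-a.example.net[192.0.2.10]
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: connect from mx-b.example.net[192.0.2.20]
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: SSL_accept error from mx-b.example.net[192.0.2.20]: -1
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx-b.example.net[192.0.2.20]
Jul  8 19:46:10 mailserver postfix/smtpd[12548]: disconnect from mx-b.example.net[192.0.2.20]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: connect from mx-b.example.net[192.0.2.20]
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: SSL_accept error from mx-b.example.net[192.0.2.20]: -1
Jul  8 19:48:04 mailserver postfix/smtpd[12548]: lost connection after STARTTLS from mx-b.example.net[192.0.2.20]
"""

CLIENT = r"(?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]"
SMTPD = r"postfix/smtpd\[\d+\]: "  # anchoring here keeps "disconnect from" out of "connect"
PATTERNS = {
    "connect": re.compile(SMTPD + r"connect from " + CLIENT),
    "tls_error": re.compile(SMTPD + r"SSL_accept error from " + CLIENT),
    "lost_starttls": re.compile(SMTPD + r"lost connection after STARTTLS from " + CLIENT),
    "accepted": re.compile(SMTPD + r"[0-9A-Za-z]+: client=" + CLIENT),
}

def summarize(log_text):
    """Count connects, handshake failures and accepted messages per (host, ip)."""
    stats = defaultdict(lambda: dict.fromkeys(PATTERNS, 0))
    for line in log_text.splitlines():
        for event, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                stats[(m["host"], m["ip"])][event] += 1
                break
    return dict(stats)

def never_delivered(stats):
    """Hosts with handshake failures and no accepted message in this log window."""
    return sorted(host for (host, _ip), s in stats.items()
                  if s["tls_error"] and not s["accepted"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (host, ip), s in sorted(result.items()):
        print(f"{host} [{ip}] {s}")
    print("failing every handshake:", never_delivered(result))
```
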

Are you a PayPal user? What are your thoughts?

Cheers,
A.Yasir

Areeb Soo Yasir

