Paypal reminds users: TLS 1.2 and HTTP/1.1 is obligatory

As of June 30 this year, Paypal will use TLS 1.2 and HTTP/1.1 protocols by default. It means that most users need to update their browsers. Paypal alerts:

“PayPal is upgrading the protocols used to secure all external connections made to our systems. Transport Layer Security version 1.2 (TLS 1.2) and Hypertext Transfer Protocol version 1.1 (HTTP/1.1) will become mandatory for communication with PayPal in 2018.

You will need to verify that your environment supports TLS 1.2 and HTTP/1.1, and if necessary make appropriate updates.”

The original new security protocol could be put into practical use earlier, but in 2015 the PCI Security Standards Committee decided to extend the old security agreement, because the committee considered that the retailer could not complete the switch of the new contract by June 2016. The committee believed that It was the smartphone manufacturer who was dragging its feet and did not support new security protocols in mobile browsers.

This week the Internet Engineering Task Force (IETF) drafted a formal deprecation of the old security agreement states that did not attract the attention of Internet giants. Of the world’s top 1 million websites, only 1.1% of the sites still support the old security protocols, and most of them have already switched to new security protocols.

Paypal began upgrading its testing work from April this year. Today, it also announced that it would spend 400 million US dollars to acquire another payment platform, Hyperwallet, which will expand Paypal’s market share and payment methods.