My website is running TLS 1.2, as verified by https://www.ssllabs.com/ However, I keep seeing in Stripe that charges are coming through as TLS 1.0, and that I need to upgrade.
I called Hostmonster, and they also verified I am on TLS 1.2.
So what am I missing? Why are the charges still coming through TLS 1.0??
I am using Stripe with PHP.
分享 The issue you're seeing is not with your certificate (as tested by SSLLabs), but with the TLS communication between your server and your gateway (Stripe in this case). Payment providers are removing support for TLS 1.0 and 1.1 due to some changes in PCI compliance rules.
If you're getting messages from your payment gateway, this probably means that your server is defaulting to use TLS 1.0 or 1.1 instead of the required TLS 1.2. Usually this is due to outdated software or configuration issues on your server. To fix this you or your host will probably need to update packages like OpenSSL and curl.
This PHP test script can be helpful in identifying the OpenSSL and curl versions that your server is using, whether or not it is capable of communicating over TLS 1.2. I might advise running it, and sharing the results with your web host.
https://gist.github.com/olivierbellone/9f93efe9bd68de33e9b3a3afbd3835cf
Also, helpful link about upgrading OpenSSL from Stripe https://support.stripe.com/questions/how-do-i-upgrade-my-openssl-to-support-tls-1-2
分享
