1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 user upgrades - TLS 1.2 message

Discussion in 'XenForo Questions and Support' started by SnoSheriff, Mar 23, 2016.

  1. SnoSheriff

    SnoSheriff Active Member

    I just noticed the following message in my user upgrades section
    What do I need to request from my server provider?
  2. Fred.

    Fred. Well-Known Member

  3. SnoSheriff

    SnoSheriff Active Member

    My server operators asked the following:

    Obviously I don't want to break anything. What is the right thing to do and say?
  4. Mike

    Mike XenForo Developer Staff Member

    They seem to be taking that as you only want your site to be accessible via TLS 1.2. That's not what the error is saying -- it's that PHP doesn't support making requests with TLS 1.2. Changing this may require updating OpenSSL, updating cURL, changing cURL to use a different SSL library, or (worst case) an OS change/server change. Unfortunately, this can be difficult to support without pretty fundamental changes.
  5. SnoSheriff

    SnoSheriff Active Member

    I sent the message straight from XF console (listed in my original post above) but it's not clear to me and server operators what to do.

    I'm a noob in this area. Please clarify what exactly should I be asking for? What is my request/requirement for the operators?

    Thank you.
  6. Mike

    Mike XenForo Developer Staff Member

    You need the necessary server libraries to support making outgoing requests using TLS 1.2 and these libraries need to be exposed to PHP (either via PHP itself or PHP's cURL extension).
  7. SnoSheriff

    SnoSheriff Active Member

    My server ops still are not entirely clear on what needs to be done. They asked for my XF admin access so they can trace the 'error' message. Is that a good idea?

    Is this the Paypal requirement page that this change will address? Is this something that my server ops may understand? I'd rather point them to the requirements stating what needs to be done on the server...
  8. Mike

    Mike XenForo Developer Staff Member

    Those are the correct pages. The flow chart on the second link is getting to "Does your system already support TLS 1.2 and HTTP/1.1?" and we're detecting that the answer is no (for TLS 1.2). There's also some PHP-specific discussion here: https://github.com/paypal/TLS-update
  9. teletubbi

    teletubbi Well-Known Member

    Not at all.

    To be honest.
    They are selling server space for money.
    Than it is their job to get this working.
    Or to hire someone who can do this.

    For example.
    You buy a new car. You would expect, if the car is broken, that the car manufacturer is able to fix it. And not that you have to figure out how to do it and tell them.
  10. SnoSheriff

    SnoSheriff Active Member

    Still working on this... How do I test to see if the server is configured correctly? What needs to be checked and what are the expected results? Thank you.
  11. Mike

    Mike XenForo Developer Staff Member

    The user upgrades section dynamically detects whether PHP supports sending TLS 1.2 requests. If you don't see that message, your server supports it.
  12. SnoSheriff

    SnoSheriff Active Member

    Ok, I no longer see a message in the "admin.php?user-upgrades/" section. However I see 14 error logs between 1:35AM-1:46AM (today):
    What does this mean and what should I do?

    As a side note, I received user upgrade Paypal at 2:18AM so I'm guessing that it's all working and maybe this error was logged during the TLS upgrade timeframe?
  13. Mike

    Mike XenForo Developer Staff Member

    1.5.7 has changes to better support servers that don't support TLS 1.2 before PayPal brings these changes in. It sounds like that may have been affecting you, though if you now support TLS 1.2 and an upgrade was processed successfully, then you probably don't need these changes.

    It's worth checking your PayPal logs to confirm that whoever bought the upgrade where this error occurred has been upgraded successfully. PayPal will retry failed IPN calls (which this is triggering) over the course of about 5 days, so I'm guessing it has gone through, but it's worth confirming.
  14. Rigo

    Rigo Active Member

    I just wish I knew someone who knew how to make all these changes and fix this for me. :unsure:

Share This Page