How to Handle the TLS Error Message
Stripe now requires that any website using their API implements TLS version 1.2 or higher. If you’ve seen an error from Stripe.com regarding this on your website, here’s how to handle that.
-
The Stripe TLS 1.2 Error Message in GiveWP - The error message above indicates that your web host is using an outdated version of TLS which is no longer supported by Stripe (or PayPal). This is not a problem with GiveWP or our Stripe Add-on, but something you’ll need to resolve with your web host.
We know that occasionally dealing with your web host is not always very productive. So we wanted to provide you with all the information you need to give them actionable steps to resolve this issue for you as soon as possible.
What is Your Current TLS Version?
Let’s first confirm that your TLS truly is outdated. The easiest way to do that is to install this plugin:
After you install and activate the TLS 1.2 Compatibility plugin, go to “Tools > TLS 1.2 Test”. There you’ll see a screen like this:
You can see in the example above that the TLS is outdated. You will also see that you have the option to force cURL to use TLS 1.2. This might be a workaround for you, but getting your web server properly updated is preferable.
What is Required for TLS Compatibility?
Stripe has a helpful article on this here. In their words, TLS and SHA are what “power the ‘S’ in HTTPS”. They say that:
SHA-1 is one of the algorithms you can use to authenticate who you’re talking to. It’s now considered dangerously weak… TLS 1.0 and 1.1 ensure that your communications stay private. In order to do this, they generate a series of random bytes used to encrypt your connection…As a result, Stripe and the rest of the internet are moving towards SHA-2 and TLS 1.2. These technologies have few known attacks and were subject to more rigorous security design than their predecessors.
There are several technologies that payment gateways leverage that are directly impacted by these changes. Upgrading your TLS version is not enough. In order for GiveWP (or any e-Commerce plugin) to use your payment gateway effectively, the following should all be updated accordingly:
- cURL — minimum version 7.40
- PHP — minimum version 5.4 (The tester plugin will show an error for anything below 5.5.19 but we’ve tested many accounts with lower versions and had success). You can read our post on our position on the importance of PHP versions here.
- OpenSSL – minimum version 1.0.1
With this information, you can go to your host with exactly the specifications that you need.
Contact Your Host
The value of a good web host depends largely on their ability to resolve your hosting issues. With the above information at hand, reach out to them via their preferred Support channel. Ideally, they will understand the issue, update your versions accordingly and when you run the plugin again you’ll be good to go.
If your host is not receptive to upgrading, then that might be an indicator that it’s time to look for another web host.
Here’s a short list of hosts that we have personally verified that have updated versions of all of these technologies out-of-the-box:
