Support

November 13, 2016 at 5:06 pm

I received an email from Brandur Leach <brandur.leach@stripe.com> on 12 August with the text below. I guess that the latest Stripe plugin deals with this, but can you confirm? Thanks.

—

Hello!

My name is Brandur and I’m an engineer at Stripe.

In 2017, we’ll be deprecating some of the older security protocols (TLS
1.0,
TLS 1.1, and SHA-1) used to make connections with Stripe’s APIs. I’m
reaching
out to give you an early heads up because your Stripe integration might
be
impacted.

Here are some of the key upcoming dates:

* On January 1, 2017, we’ll drop support for TLS 1.0 connections and
SHA-1
certificates.
* On May 1, 2017, we’ll drop support for TLS 1.1 connections.

We’ve noticed that your Stripe integration appears to be using TLS 1.0,
so
you’ll want to follow the steps in this upgrade guide [1] to ensure that
your
Stripe integration isn’t interrupted in the next year.

To be clear, upgrading to TLS 1.2 will generally not involve any changes
to
your code, but may require that you update your operating systems,
system
packages, or language runtime libraries. (The exact methodology depends
on your
technology stack.)

While you’ll be required to make these changes to ensure that your
Stripe
integration isn’t interrupted, I’d like to stress that TLS 1.0, TLS 1.1,
and
SHA-1 are widely considered to be dangerously weak and upgrading as
early as
possible is an important part of keeping your business secure. If you’d
like
more information about the topic, we’ve written up a blog post [2].

If you have any questions about this change, or need help in upgrading
your
systems, please don’t hesitate to ask—you can just reply to this email!

Thanks,
Brandur

[1]
https://support.stripe.com/questions/how-do-i-upgrade-my-stripe-integration-from-tls-1-0-to-tls-1-2
[2] https://stripe.com/blog/upgrading-tls