With the upcoming changes to PCI compliance and the whole credit-card industry, it’s important to ensure that your SSL encryption supports TLS 1.2 and HTTP/1.1. If you’re here, you more than likely received a letter or warning from PayPal or your credit card provider that you failed a test or otherwise need to verify support of these things.
*Note: it’s not actually possible to fully test for TLS support by entering your URL into a third-party website. Such sites can tell you which versions of TLS are enabled for your SSL certificate, but they cannot verify that the site itself is functioning properly using TLS 1.2, and they also cannot verify that HTTP/1.1 is supported. Read on for the real test.*
The dubious nature of these “failed” warnings notwithstanding, it’s actually not very hard to check and see if your current server supports these protocols. All we need to do is add a simple test file to our site and check the results.
Here’s what you’ll do!
- First, you’ll need access to your site’s files. FTP or SFTP works best, but if you have an online file manager, that will work fine as well.
- Next, create a file called test.php in your site’s root folder.
- In that file, paste the following code as the content of the page:

```php
<?php
// Code retrieved from https://pagecrafter.com/check-if-your-website-supports-tls-1-2-tutorial/
echo 'PayPal TLS 1.2 and HTTP/1.1 test response: <br /><br />';

// Request PayPal's TLS test endpoint from this server.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
$output = curl_exec($ch);
if ($output === false) {
    // The request itself failed (for example, no TLS handshake): show cURL's reason.
    $output = 'cURL error: ' . curl_error($ch);
}
curl_close($ch);

// Green for the success string, red for anything else (escaped before display).
if ($output === 'PayPal_Connection_OK') {
    echo '<span style="color:green;">' . htmlspecialchars($output) . '</span>';
} else {
    echo '<span style="color:red;">' . htmlspecialchars($output) . '</span>';
}
?>
<ul>
<li><strong>On success:</strong> A successful connection to https://tlstest.paypal.com will return an HTTP 200 response with the following text in the body: “PayPal_Connection_OK”</li>
<li><strong>On failure:</strong> One of the following errors will occur depending on what your system does not support:
<ul>
<li><strong>HTTPS</strong> - tlstest.paypal.com will return an HTTP 400 response with the following text in the body: “ERROR! Connection is not HTTPS. Please use https://tlstest.paypal.com”</li>
<li><strong>HTTP/1.1</strong> - tlstest.paypal.com will return an HTTP 400 response with the following text in the body: “ERROR! Connection is using HTTP/1.0 protocol. Please use HTTP/1.1”</li>
<li><strong>TLS 1.2</strong> - tlstest.paypal.com will return an HTTP 400 response with the following text in the body: “ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2”</li>
</ul></li>
</ul>
```

- Access this file by going to your website and adding /test.php to the web address. So if your site is example.com, you would go to example.com/test.php.
You should easily get your answer! This page will let you know whether your site supports TLS 1.2 and HTTP/1.1. Follow the descriptions of the results on the page to determine whether you’ve passed, or what the issues are.
If you get a green “PayPal_Connection_OK”, then you’re all set! Your server fully supports these protocols. A red message indicates that there is an issue.
How does this work? Simple! It’s just a basic script that makes a request from your server to PayPal’s API endpoint, which is designed only to determine whether TLS 1.2 and HTTP/1.1 are supported. A simple response is returned which lets you know the result.
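When the result is red, it helps to know whether the server's cURL stack cannot speak TLS 1.2 at all or simply does not use it by default. The script below is an added example, not part of the original test file: it runs the same request twice, once with library defaults and once pinned to TLS 1.2 and HTTP/1.1, and prints the library versions PHP is linked against. The function name `paypal_tls_check` and the result keys are assumptions made for illustration.

```php
<?php
// Added example, not part of the original test.php. The function name and
// the result keys are illustrative.

// Call PayPal's TLS test endpoint once. With $force set, pin the request to
// TLS 1.2 and HTTP/1.1 instead of relying on the library defaults.
function paypal_tls_check($force)
{
    $ch = curl_init('https://tlstest.paypal.com/');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 20);
    if ($force) {
        // The constant is missing on old PHP builds; its numeric value is 6.
        $tls12 = defined('CURL_SSLVERSION_TLSv1_2') ? CURL_SSLVERSION_TLSv1_2 : 6;
        curl_setopt($ch, CURLOPT_SSLVERSION, $tls12);
        curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    }
    $raw  = curl_exec($ch);
    $body = $raw === false ? '' : trim($raw);
    $result = array(
        'ok'     => $body === 'PayPal_Connection_OK',
        'status' => (int) curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'body'   => $body,
        'error'  => curl_error($ch), // empty when the transfer itself worked
    );
    curl_close($ch);
    return $result;
}

// Plain-text output, so the remote body is never interpreted as HTML.
header('Content-Type: text/plain; charset=utf-8');

// The library versions are the first thing to check when a run fails.
$v = curl_version();
echo 'PHP ' . PHP_VERSION . ', cURL ' . $v['version']
    . ', TLS library ' . $v['ssl_version'] . "\n\n";

$runs = array('library defaults' => false, 'TLS 1.2 + HTTP/1.1 forced' => true);
foreach ($runs as $label => $force) {
    $r = paypal_tls_check($force);
    $detail = $r['error'] !== '' ? 'cURL error: ' . $r['error'] : $r['body'];
    printf("%-27s %s  HTTP %d  %s\n", $label . ':', $r['ok'] ? 'PASS' : 'FAIL', $r['status'], $detail);
}
```

If only the forced run passes, the library supports TLS 1.2 but does not negotiate it by default; if both runs fail, the cURL error text and the version line show where to look next.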
Alternatively, there is a website you can use that will check your SSL certificate and tell you which protocols it supports. This will show you which TLS versions are enabled, but not whether HTTP/1.1 is available.
- Go to the DigiCert SSLTools website.
- Click “Check SSL/TLS”.
- Enter your website address and click “Check”. I recommend entering it as *.example.com.
- Once it’s done checking, click “Details” and then “Server Configuration”. In the top-left corner of the results, it should say “Protocols enabled” and under that, you will hopefully see “TLS1.2”. If so, you’re all set!
These protocols are important because they make sure credit card data is fully secured, according to PCI compliance standards. If you fail, please let us know so we can take a look. It may be time to switch to some better website hosting!