TLS 1.2 and HTTP/1.1 Upgrade

PayPal is upgrading the protocols used to secure all external connections made to our systems. Transport Layer Security version 1.2 (TLS 1.2) and Hypertext Transfer Protocol version 1.1 (HTTP/1.1) will become mandatory for communication with PayPal in 2018. You will need to check that your environment supports TLS 1.2 and HTTP/1.1, and if necessary make appropriate updates by 30 June 2018.

The information below is very technical. We recommend it's reviewed by one of the following:

Your web hosting company

Your ecommerce software provider

Your in-house web programmer/system administrator

In a nutshell...

Merchants and partners use HTTPS to connect with PayPal servers securely. We use the Transport Layer Security (TLS) protocol to encrypt these communications. To ensure our systems' security and adhere to industry best practices, we are updating our services to require TLS 1.2 for all HTTPS connections. At this time, PayPal will also require HTTP/1.1 for all connections. To help us avoid any disruption to your service, you'll need to check that your systems are ready for this change by 30 June 2018. To help you understand the areas of your integration that still require work, we'll conduct brief rounds of testing throughout June to demonstrate the upgraded security experience.

What do I need to do?

Single Logo

Note:

To avoid having to make versioning changes reactively in the future, we recommend that you code your system to always negotiate using the highest possible version.


If you continue to browse, we'll use cookies that make our site work, improve performance and customise your experience. If you accept, we'll also use cookies to personalise ads. Manage your cookies