eBay Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Update browser??

anaturallady
Explorer

‎06-29-2018 07:21 AM

My friend can't get on ebay or paypal. Message tells him to update browser by June 30. So, he updated Safari yesterday -- and it's not June 30 yet -- but he still gets the message. Any thoughts on how to correct this?

Message 1 of 5
latest reply
0 Helpful
4 REPLIES 4

Re: Update browser??

berserkerplanet
Rockstar

‎06-29-2018 05:51 PM

PayPal made the change early. eBay.com has made no security protocol changes (I'm using really old Firefox 3.6.24 with its TLS 1.0 limitations for most eBay functions just fine)

Firefox 3.6.24 can no longer connect to PayPal as of today - which I fully expected as it only supports TLS 1.0, and it appears PayPal made the jump all the way to TLS 1.2 (even though TLS 1.1 was all that was required for PCI-DSS compliance by the credit card companies - a bit of future proofing I guess)

This is happening because of credit card industry security requirements for transaction security. Basically forcing an update to browser that support TLS 1.2 security protocols at a minimum.

This is the error message that PayPal throws in Firefox 3.6.24 beginning today:
  "ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2"

(obviously written by someone without much command of the English language)


PayPal may still throw an error banner even for a browser that supports TLS 1.2 because they are doing what looks like inept browser user agent checking and flagging compliant but older browsers by version number (ie: I use older Firefox 31 that isn't on their approved list but is compliant and works fine.)

Your friend need to check here:
  https://www.paypal.com/us/smarthelp/article/how-do-i-check-and-update-my-web-browser-faq3893
and run the browser test near the top of the page to see what is going on.

Without more detail it's impossible to say. It's entirely possible to still be getting warning banners (due to the stupid user-agent checking) but still be able to log in and go about your business (the actual TLS 1.2 session negotiation and the user-agent header checking are two different things).

That's what happened with the USPS TLS upgrade rollout around May of this year. Firefox 31 was still getting a warning banner, but working fine at USPS.com, so I spoofed it as Firefox 59 to get rid of the banner. Looks like they may have removed the user-agent check, so no longer need to spoof the version as it meets the USPS TLS 1.1/1.2 requirement.

Browser user-agent spoofing might be an option if browser is TLS 1.2 to get around warnings, but doubt that Safari can even do that, or that your friend is up to that technical challenge.

Need more information since the eBay thing makes no sense.
What does "can't get on ebay or paypal" mean?
Are we talking about a mobile device?
What error messages are showing or what are the symptoms?
What Safari version is in question here?
Message 2 of 5
latest reply

Re: Update browser??

anaturallady
Explorer
In response to berserkerplanet

‎06-29-2018 09:13 PM

Thanks for that -- but it is totally beyond me! He decided to skip the whole problem and just install Chrome, which works great. 

Message 3 of 5
latest reply
0 Helpful

Re: Update browser??

joaau2015
Explorer
In response to berserkerplanet

‎10-04-2018 05:10 PM

How do I update to tls 1.2

Message 4 of 5
latest reply
0 Helpful

Re: Update browser??

berserkerplanet
Rockstar
In response to joaau2015

‎10-04-2018 05:31 PM

>>How do I update to tls 1.2

It is built into the browser, so you have to update to a new enough browser version that supports TLS 1.2

See here for a table of versions and capabilities: https://en.wikipedia.org/wiki/Transport_Layer_Security#browsersTLS

You should upgrade to the newest version you can for numerous reasons (latest security patches, features, and also because even if a browser supports TLS1.2, a website might refuse it based on browser version number).

If you are on a device that isn't upgradable then you are out of luck (such as my old HP Touchpad browser - that device is abandoned and has proprietary browser, or my old Windows Mobile 6.1 phone that is also an abandoned platform)

It is possible to upgrade Windows XP IE/OS TLS to 1.2, but that is not for the faint of heart and stands a good chance of bricking the system (like an idiot I did it and got lucky. MS thinks my desktop is a Point of Sale Terminal 🙂


In short, if you are running into general internet website connection refusals and/or eBay/PayPal error messages about TLS, you need a newer browser.
Message 5 of 5
latest reply

Featured Posts

View all
Top