Initial Notification :
On March 21, 2018, we will be removing the support of RC4-based ciphers (i.e. RC4-MD5 and RC4-SHA) in the Payflow Pilot environment (pilot-payflowpro.paypal.com). We will now require merchants to use the cipher suite of TLS_RSA_WITH_AES_128_CBC_SHA (aka AES128-SHA) or higher when connecting to the Pilot environment.
We will be removing the RC4-based ciphers in the Payflow Production environment (payflowpro.paypal.com) on April 30, 2018.
The Payflow Pilot endpoints have been configured with the latest security standards to which the Production endpoints will be moving. Merchants can use these endpoints to verify that their code supports the required standards before the Production endpoints are updated on April 30, 2018.
This isn’t really news since no one should have been using these any longer, however, you might have your webhost check your server to make sure transactions are not lost. Our servers are 100% ready to go on this already.
