paypal trouble

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
mikele1959
Fanatic
Fanatic
Posts: 188
Joined: 2014-09-01, 21:58
Location: montreal

paypal trouble

Unread post by mikele1959 » 2018-06-09, 22:59

paypal problem this is what I receive today from paypal

Image

there is many many many website like bank or paypal account ebay amazon etc where I can not logon now and this is annoying
Last edited by Moonchild on 2018-06-10, 09:43, edited 2 times in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: paypal trouble

Unread post by Moonchild » 2018-06-10, 00:30

I use PayPal on a near daily basis without issues and Pale Moon's security standards are high compared to most browsers.
If you are having connection issues across the board, then you should check if you have anything that uses https filtering or similar since it's very well possible that your filter's outbound connection isn't secure enough.

What does paypal say exactly under "learn more"? Do they provide any details?
Last edited by Moonchild on 2018-06-10, 00:31, edited 2 times in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

mikele1959
Fanatic
Fanatic
Posts: 188
Joined: 2014-09-01, 21:58
Location: montreal

Re: paypal trouble

Unread post by mikele1959 » 2018-06-10, 05:20

when I click on "learn more" this is what I can read from paypal :

To meet the new PCI Security Standard (PCI DSS) required by all websites that hold payment data, PayPal will no longer support outdated web browsers. You may need to update your browser to continue accessing PayPal. Please follow the steps below to update your desktop and mobile browsers.

User avatar
Giraffe
Lunatic
Lunatic
Posts: 401
Joined: 2016-11-09, 11:57

Re: paypal trouble

Unread post by Giraffe » 2018-06-10, 07:18

Just tried PP and it's OK with the latest PM.
I have UA Mode set to Firefox but the overall UA is:
Mozilla/5.0 (Windows NT 6.1; rv:59.0) Gecko/20100101 Firefox/60.0
I don't know if this makes a difference.
If necessary with awkward sites I open the page in Fx 60 ESR - that should be up to date!
Windows 7 Pro 32-bit. Comodo Internet security or Comodo Firewall + Avira Anivirus.

User avatar
adesh
Board Warrior
Board Warrior
Posts: 1277
Joined: 2017-06-06, 07:38

Re: paypal trouble

Unread post by adesh » 2018-06-10, 07:51

I just logged in to PayPal with Pale Moon 27.9.2 on Linux without any warning or functional issue. I even made some payments a couple of days ago. I use Native UA string and have no override for PayPal in about:config.

Ok, so, I even tried Firefox Compatibility mode and I was able to login just fine. No warning about outdated browser.

So, it doesn't exactly look like a UA sniffing issue. Also, as stated above, security in Pale Moon is better than average.
Last edited by adesh on 2018-06-10, 08:24, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: paypal trouble

Unread post by Moonchild » 2018-06-10, 09:38

PCI DSS requirements mandate the use of TLS 1.2 and appropriate ciphers for financial websites.

Since Pale Moon is well within the capabilities of supplying that, there shouldn't be a problem (unless you've fiddled with about:config or Pale Moon Commander and disabled TLS 1.2 inadvertently). As said, alternatively, it may be something in-between the browser and the web that is interfering like an https-filtering antivirus or security suites which are known to regularly have poor outbound connections.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

mikele1959
Fanatic
Fanatic
Posts: 188
Joined: 2014-09-01, 21:58
Location: montreal

Re: paypal trouble

Unread post by mikele1959 » 2018-06-10, 13:48

Well I see there is some misunderstanding here...

- I DO NOT HAVE ANY ISSUE TO LOGIN TO PAYPAL -

I received this WARNING FROM PAYPAL BY EMAIL

Please let me know how to enable TLS 1.2 if I disabled TLS 1.2 inadvertently

thank you for that

doofy
Astronaut
Astronaut
Posts: 650
Joined: 2017-08-14, 23:43

Re: paypal trouble

Unread post by doofy » 2018-06-10, 14:10

mikele1959 wrote:Please let me know how to enable TLS 1.2 if I disabled TLS 1.2 inadvertently
Only place I know is in Pale Moon Commander under Security / SSL.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1622
Joined: 2015-07-23, 16:09
Location: Norway

Re: paypal trouble

Unread post by Tomaso » 2018-06-10, 14:31

Go to about:config and search for tls.
If any of the preferences listed have bold text, then their values have been modified.
To restore a preference to its default value, simply right-click on it and select "Reset".
These are the preferences that determines the highest and lowest supported TLS protocols:
security.tls.version.max (default value = 3)
security.tls.version.min (default value = 1)

mikele1959
Fanatic
Fanatic
Posts: 188
Joined: 2014-09-01, 21:58
Location: montreal

Re: paypal trouble

Unread post by mikele1959 » 2018-06-10, 19:16

thx my tls configuration seem to be good
Last edited by mikele1959 on 2018-06-10, 19:16, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: paypal trouble

Unread post by Moonchild » 2018-06-10, 20:22

mikele1959 wrote:Well I see there is some misunderstanding here...
- I DO NOT HAVE ANY ISSUE TO LOGIN TO PAYPAL -
I received this WARNING FROM PAYPAL BY EMAIL
I find that really strange, because that is the kind of message they would display on the website if they detect that you are visiting PayPal with a browser not supporting TLS 1.2 (Note the wording: "The web browser you are currently using..."). It would make little sense to send something like this via e-mail after the fact with that kind of wording.
But maybe I'm mistaken and they send this out via e-mail if they detect a login with a non-compliant browser -- what do I know :) That still means you HAVE logged in with a browser that isn't compliant with their standards, though, so it would still serve to check your connection or you may actually get locked out when it comes into effect.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

coffeebreak
Moon Magic practitioner
Moon Magic practitioner
Posts: 2986
Joined: 2015-09-26, 04:51
Location: U.S.

Re: paypal trouble

Unread post by coffeebreak » 2018-06-10, 21:27

mikele1959 wrote:thx my tls configuration seem to be good

I'm not clear what you're saying.
Do you mean that your TLS configuration was already good, or do you mean that you just now did something to fix it?


In their help section (this article), Paypal provides a test to see if your browser can handle their new TLS requirements.
Instructions to update desktop browsers
Please visit our sandbox site from each of your browsers. If the page loads, you are already upgraded.
When I click their sandbox link with PM 27.9.2, it successfully loads a page - this one: https://www.sandbox.paypal.com/us/home

When you click the same link, does it load a page?

Pelican
Fanatic
Fanatic
Posts: 220
Joined: 2018-02-23, 06:51

Re: paypal trouble

Unread post by Pelican » 2018-06-10, 23:59

For what it is worth, there are scam/phishing emails being sent to Paypal account users asking them to log into their account. However the web address and domain of the sender is not Paypal.com.

I got another of these emails this morning, but had no need to follow their link because I had already contacted Paypal support to confirm that my server was updated for TLS and that all was good.

The give away was "Our records indicate that your PayPal integration is not compatible..."

parpfish II

Re: paypal trouble

Unread post by parpfish II » 2018-06-11, 05:34

Hi

There seems to be 2 unrelated / partially related issues here. I've been dealing with both, but they are unrelated (in some ways).

The TLS version 1.2 upgrade issue on Paypal affects HTTPS site owners who process and store customer financial data (credit card data etc) which in turn relates to PCI compliance:
https://www.pcicomplianceguide.org/faq/
This is something ones server / web hosting company should be able to sort out and is not related to the certificate issuing authority. So this I would assume, should only affect store owners and those that process payments - not customers per se.

The issue that is specific to Paypal and Pale Moon is the fact they are trying to corral their clients / customers into a limited cartel of mainstream browsers:
Image

I use 3 browsers, all of which are the latest version: Pale Moon, Opera and Beaker Browser (P2P enabled Chrome fork). All of them trigger the above warning.

I'm currently talking with PayPal about this.
I'm surprised it's even legal - this is like a form of cartel anti-trust - and is outrageous IMO.

Hope that helps.
P.

Update: I have the same experience as Moonchild re. the OP -- as a Paypal customer I've not had any notices like those from the OP. As someone with a PayPal business account - this is an issue and it's annoying as **** - as Paypal are making it impossible to access and make changes to important settings re. their API and other stuff.
Last edited by parpfish II on 2018-06-11, 05:41, edited 1 time in total.

parpfish II

Re: paypal trouble

Unread post by parpfish II » 2018-06-11, 05:57

I'm talking to a robot on PayPal tech support at present:

PAYPAL:
Hi xxxxxxxx

You need to update and use the latest browser because this is to meet the new PCI Security Standard (PCI DSS) required by all websites that hold payment data, PayPal will no longer support outdated web browsers. You may need to update your browser to continue accessing PayPal.

ME:
I've already told you twice that I have the latest version of not one, not two, BUT three different browsers. The issue is NOT out of date browsers. The issue is the very limited array of browsers that Paypal seems to be allowing for.
Pale Moon is a very secure and highly respected browser. Opera is not a niche browser. Beaker is a fork of Chrome. All of these are the latest versions. Ergo, the problem is Paypal's limited parsing of the referrer header which is thus making a false claim - namely, that the user's browser is out of date when it is not.

In summary, this is then not a case of security, but a case of Paypal corralling users into downloading one of 4 browsers that the user in all likelihood has already rejected.
P.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: paypal trouble

Unread post by Moonchild » 2018-06-11, 08:14

parpfish: let's keep this thread focused on the OP's issue, shall we? This is not about flat-out saying the browser is "out of date" because of an unknown user agent.
This is about the specific message given by the OP about security standards, which has a different cause.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

parpfish II

Re: paypal trouble

Unread post by parpfish II » 2018-06-11, 09:17

@Moonchild

I've just spent the last 2 hours talking with PayPal Tech Support about this:

Notice what they said: "You need to update and use the latest browser because this is to meet the new PCI Security Standard (PCI DSS) required by all websites that hold payment data".

They've just confirmed that the June 30th deadline is to comply with PCI DSS and that is behind the browser update messages. PayPal stated to me moments ago, that they will only be supporting "Internet Explorer, Microsoft Edge, Mozilla Firefox , Google Chrome, or Safari." and I was just told that they've included Opera.

What this means is that Pale Moon will not be considered an up to date browser, regardless of whether it's up to date.

In addition, I was in touch with the Competition and Markets Authority in the UK to see what the anti-competitive implications are of big players like PayPal using "security" directives as excuses to sideline the competition (i.e. not the big 4 or 5).

Sorry if you regard this as off-topic.

P.
Last edited by parpfish II on 2018-06-11, 09:19, edited 2 times in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: paypal trouble

Unread post by Moonchild » 2018-06-11, 09:34

Pale Moon is most definitely PCI DSS 3.2 compliant (insofar that is must be capable of TLS 1.2, actual compliance in total rests on the server), and I think you misunderstood what PayPal told you. (Feel free to check Pale Moon's capabilities in ssllabs' "test my client").
Whether they "officially support" Pale Moon or not has no bearing on being able to connect, but rather whether they are willing to assist you with individual support if you are using anything else or if you are "on your own".

As an aside I've done some extra testing by limiting Pale Moon's capabilities to TLS 1.0 (which isn't compliant) and I received no e-mail with OP's statement after logging in with that, either, nor any on-line warning from PayPal when going through the connection and login process. I can therefore only conclude that there isn't a problem with Pale Moon, but rather with OP's setup that consistently shows PayPal non-compliant connections warranting their warning.
Last edited by Moonchild on 2018-06-11, 09:43, edited 3 times in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

parpfish II

Re: paypal trouble

Unread post by parpfish II » 2018-06-11, 09:58

@Moonchild. You could try to be a little more patronising :D

It's actually you that isn't understanding this issue.

Of course Pale Moon can handle TLS 1.2. The TLS 1.2 compliance is related not to the Browser but to those entities that processes and store financial data (like shops and the servers they sit on). It is not a matter for users, it's a matter for organisations including PayPal themselves. What they are saying is that as of June any organisation that process and stores financial data must use HTTPS (TLS 1.2 as 1.0 does not comply with PCI DSS).

This is not the issue that is causing the Browser notification. That is a PayPal policy issue - they have decided to only support the main browsers (that is NOT something that the PCI DSS demands - that's just PayPal keeping things simple for themselves).

If you want to believe otherwise you're more than welcome to keep missing the point.


PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. The achieves through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

The payment standard has 12 high level requirements which fall into the six categories below:

1.) Build and Maintain a Secure Network

Install and maintain a firewall configuration to protect data
Do not use vendor-supplied defaults for system passwords and other security parameters

2.) Protect Cardholder Data

Protect stored data (use encryption)
Encrypt transmission of cardholder data and sensitive information across public net

3.) Maintain a Vulnerability Management Program

Use and regularly update anti-virus software
Develop and maintain secure systems and applications

4.) Implement Strong Access Control Measures

Restrict access to data by business need-to-know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data

5.) Regularly Monitor and Test Networks

Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes

6.) Maintain an Information Security Policy

Maintain a policy that addresses Information Security
It's pretty clear the directive is aimed at institutions NOT browsers.


P.

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 5151
Joined: 2011-10-03, 10:19
Location: Piney Woods of Southeast Texas, USA

Re: paypal trouble

Unread post by Night Wing » 2018-06-11, 12:30

@ parpfish II

Hypothetically speaking, if PayPal is only going to support the big 4 or 5 browsers (Chrome, Firefox, Edge, Safari, Opera), it seems you could change the user agent of Pale Moon and let PayPal think you're using one of their "supported" browsers. In this case, change Pale Moon's user agent to Firefox. After all, Pale Moon already meets PayPal's security concerns.
Last edited by Night Wing on 2018-06-11, 12:30, edited 1 time in total.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox

Locked