TLS 1.2, HTTP/1.1 and SHA-256

Hi again,
We need to check the compatibility of OJS with the future security changes Paypal is going to take. We have got an email where they ask us to make the necessary changes to avoid the service interruption. This changes arr about TLS 1.2, HTTP/1.1 and the compatibility with SSL certificates encoded with SHA-256.

I ask the hosting provider and they say hosting is ready for this technology. We are now on OJS 248-1. Is there any changes we have to do to warranty paypal keep working?

Kind regards,
Daniel Becerra

Hi @celuloide,

This is purely a PHP-level issue; if the server is ready to handle it, nothing needs to be done within OJS.

Alec Smecher
Public Knowledge Project Team

Thank you Alec, fantastic news.


Will OJS 3 support signature algorithms with hash functions that are stronger than SHA-1, such as SHA-256, SHA-384, or SHA-512 after 1 Jan 2017?

OJS’s only internal use of hashing algorithms for security is in the passwords and password reset process. These processes support hashes beyond SHA-1 via GitHub - ircmaxell/password_compat: Compatibility with the password_* functions that ship with PHP 5.5.

The other use of security hashing, such as for SSL certificates, is dependent on your server, and not OJS.