Force TLS 1.2 in NopCom 4.20 Non Source Code

2 months ago
Need to force TLS 1.2 in NopCom 4.20 using the non-source code files. Is this possible? I've found a few solutions but none that will work with the files I have currently.
2 months ago
The more I think about this, the less I'm sure you will be able to get PayPal Smartbuttons working without disabling TLS 1.1 at the OS level.  

It's not that your server isn't already trying to handshake with PayPal over TLS 1.2, it's that during the handshake PayPal is detecting TLS 1.1 is enabled and then refusing to provide the SDK to the client.  They know your server is connecting securely, but they're worried about clients connecting to your server with an insecure method which they don't control.

However, you may look into these possibilities for Kestrel:  https://stackoverflow.com/questions/46832384/any-way-to-restrict-asp-net-core-2-0-https-to-tls-1-2
https://stackoverflow.com/questions/54150473/how-to-implement-tls-1-2-in-asp-net-core-2-0

At a minimum, I believe that would involve editing Nop.Web/Program.cs in the source and recompiling though
1 month ago
I appreciate all the help you've been. After looking into having my hosting provider disable TLS 1.1 on their end. They said it would be possible but I'd have to move to a private server which at this point is a little out of price for us. I'm plan on trying to swap out my non-source code site to a source code and modify using the link you sent. I'll be working on the same hosting but will have a separate site for testing.
What really helped me move toward this is there is a new plugin for Affirm payments and I'm guessing I'm having the same issues with that plugin as I am with Paypal Smart Buttons. I'll keep you filled in.
1 month ago
Simply replacing non-source code version with source code version will not help you
Non-source code version is made from source code version using visual studio
Essentially you need to get source version – make changes and then build it to make a new non-source version
Then upload that to your server.
In fact depending on what source you need to change probably only one new .dll will be created that needs to be copied to the server to overwrite old version
So you need to work out what source code needs to be changed
If you are not familiar with Visual Studio and the build process maybe someone can do it for you and send you the .dll
1 month ago
Thanks for clarifying. That's what I meant by switching to source code. So I could modify what's needed to get TLS 1.1 disabled. I was initially trying to do it with out having to compile any code.
1 month ago
This is what I came up with. Not sure exactly which .dlls to replace with this single change but will test it soon.

using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Server.Kestrel.Https;
using System.Security.Authentication;

namespace Nop.Web
{
  public class Program
  {
    public static void Main(string[] args)
    {
      var host = WebHost.CreateDefaultBuilder(args)
        .UseKestrel(options =>
        {
          options.AddServerHeader = false;
          options.Listen(System.Net.IPAddress.Loopback, 443, listenOptions =>
          {
            listenOptions.UseHttps(new HttpsConnectionAdapterOptions { SslProtocols = SslProtocols.Tls12 });
          });
        })
            .UseStartup<Startup>()
                .Build();

            host.Run();
        }
    }
}