Does enabling Cloudflare on my site affect PayPal's TLS 1.2 requirement?

In a word, no. Cloudflare has no bearing on this requirement.

You may have read one of the following articles from PayPal:

These articles state that as of June 17, 2016, PayPal will:

  • Upgrade the TLS certificate(s) used on PayPal's servers to be signed with SHA-2.
  • Disallow connections that require the VeriSign G2 Root Certificate for trust validation.
  • Enforce that HTTP connections made to PayPal use HTTP/1.1 or newer. HTTP/1.0 will be disallowed.
  • Enforce that HTTPS connections made to PayPal's servers are made using TLS 1.2 only.

In practice, this means that your origin server and/or your visitor's clients (i.e.- web browsers) must support the above requirements. Cloudflare doesn't proxy connections made directly to, so enabling Cloudflare on your website doesn't affect how these connections are made.

If you have questions if your server or browser supports these standards, you can visit from the client making the connection to PayPal to see if the connection is able to be made successfully. A response of "PayPal_Connection_OK" indicates that your client already supports these standards.

A chart of what standards popular browsers support is available here:

For reference, Cloudflare supports SHA-2 and TLS 1.2 for both connections from visitors to our edge as well as from our edge to your website's origin.

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk