Stripe API update TLS 1.2

[jonvee]

Not sure if this is something I need to do server side or if this module needs updating. Currently it's not functional with a new stripe account. Nwazet.Commerce.Controllers.StripeController - Default - invalid_request_error: Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.

[petedavis]

Have you tried running on an updated .Net framework version? http://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/

[jeffolmstead]

I believe Orchard (by default) is built against .NET 4.5.1 (I am not on the latest patch, but believe that is still true). If that is the case, then upgrading to .NET 4.6 before Orchard core is released against it would be very difficult / likely not advised. @jonvee could you test to see if this change would work in the StripeWebService class?

public class StripeWebService : IStripeWebService {
        // CHANGE - start
        public StripeWebService() {
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        }
        // CHANGE - end

It would seem like it would as it should be initiated before any web calls are made. The only real negative I see is that you are hard coding the protocol instead of taking the default which means this would need to be managed as the protocol changes. Also would cause a build issue against .NET 4.0 as the protocol isn't available...

[jonvee]

Thanks guys! Ya, updating to 4.6 wasn't really an option and I was tying to add that line, but I wasn't wrapping it properly, I owe you at least a coffee @jeffolmstead ;)

[bleroy]

If one of you makes a pull request, I'm happy to merge. Otherwise, I'll get to it when I can.

[jonvee]

I would, but I don't even know how to ;P