In accordance to our advisory circulated last year and mirroring the PCI Security Council (PCI SSC) guidance, we recommend a move to TLS 1.2 as soon as possible to mitigate any transaction processing disruption in the future. The PCI SSC has indicated that if any additional vulnerabilities are found in TLS 1.0 or 1.1 then they will mandate a move to TLS 1.2 or higher, a timeline that is out of our hands.
To enable TLS 1.2 in your application, we recommend that you upgrade your application to target a minimum of .NET Framework 4.6+. No additional work will be needed to support TLS 1.2 as .NET Framework 4.6+ has TLS 1.2 enabled by default.
For TLS best practices with .NET Framework, please refer to this Microsoft article.
To enable TLS 1.2 in your application, we recommend upgrading to JDK 8+ as TLS 1.2 is enabled by default on both server sockets and client.
If you are using JDK 7, TLS 1.2 is enabled for server sockets but it is not enabled for clients. If you would like to enable TLS 1.2 for client endpoints with JDK 7, there are 4 options outlined under the "Changing default TLS protocol version for client end points : TLS 1.0 to TLS 1.2" section of Java's site.
Our PHP API uses the system-supplied cURL library to establish HTTPS connections with our platform in order to transfer data. This means that you will need to have a minimum of at least cURL version 7.34.0 in order to support TLS 1.2.
cURL also uses OpenSSL libraries. We recommend that you upgrade to OpenSSL 1.0.2+ as TLS 1.2 support is enabled by default.
Our COM API uses the WinHTTP library for HTTPS connections with our platform in order to transfer data. WinHTTP does not support TLS 1.2 by default and requires Windows 7 in order to enable support.
Please refer to the "How to Enable TLS 1.2 on Windows 7" article for support instructions.