In accordance with guidance from the PCI Security Council (PCI SSC), we recommend a move to TLS 1.2 as soon as possible to mitigate any transaction processing disruption in the future. The PCI SSC has indicated that if any additional vulnerabilities are found in TLS 1.0 or 1.1 then they will mandate a move to TLS 1.2 or higher, a timeline that is out of our hands.
.NET 4.6+ adds support for TLS 1.2 as standard and is enabled by default, as a result, we would recommend any integrators, where possible, target this framework to avoid disruption. However, in the event that an older version of .NET is required, Microsoft released a service patch (KB3154518) to enable the utilization of TLS 1.2 on older operating systems.
For TLS best practices with .NET Framework, please refer to this Microsoft article.
JDK 8+ adds support for TLS 1.2 as standard and is enabled by default, as a result, we would recommend any integrators, where possible, target this framework to avoid disruption. It should be noted that whilst JDK 7 does enable TLS 1.2 for server sockets, it does not do the same for client connections.
To enable TLS 1.2 in your application, we recommend upgrading to JDK 8+ as TLS 1.2 is enabled by default on both server sockets and client. If you would like to enable TLS 1.2 for client endpoints with JDK 7, there are 4 options outlined under the Changing default TLS protocol version for client endpoints: TLS 1.0 to TLS 1.2 section of Java's site.
Our PHP API uses the system-supplied cURL and OpenSSL libraries to establish HTTPS connections with our platform in order to transfer data. This means that you will need to have a minimum of at least cURL version 7.34.0+ and OpenSSL 1.0.1c+ in order to support TLS 1.2.
Our COM API uses the WinHTTP library for HTTPS connections with our platform in order to transfer data. WinHTTP does not support TLS 1.2 by default and requires Windows 7 in order to enable support. Please refer to the How to Enable TLS 1.2 on Windows 7 article for support instructions. on how to enable this.