In accordance with guidance from the PCI Security Council (PCI SSC), we recommend a move to TLS 1.2 as soon as possible to mitigate any transaction processing disruption in the future. The PCI SSC has indicated that if any additional vulnerabilities are found in TLS 1.0 or 1.1 then they will mandate a move to TLS 1.2 or higher, a timeline that is out of our hands.
.NET API
.NET 4.6+ adds support for TLS 1.2 as standard and is enabled by default, as a result, we would recommend any integrators, where possible, target this framework to avoid disruption. However, in the event that an older version of .NET is required, Microsoft released a service patch (KB3154518) to enable the utilization of TLS 1.2 on older operating systems.
For TLS best practices with .NET Framework, please refer to this Microsoft article.
Java API
JDK 8+ adds support for TLS 1.2 as standard and is enabled by default, as a result, we would recommend any integrators, where possible, target this framework to avoid disruption. It should be noted that whilst JDK 7 does enable TLS 1.2 for server sockets, it does not do the same for client connections.
To enable TLS 1.2 in your application, we recommend upgrading to JDK 8+ as TLS 1.2 is enabled by default on both server sockets and client. If you would like to enable TLS 1.2 for client endpoints with JDK 7, there are 4 options outlined under the Changing default TLS protocol version for client endpoints: TLS 1.0 to TLS 1.2 section of Java's site.