Retirement of TLS 1.0 and TLS 1.1

    From July next year (2016) many systems are required to support TLS 1.2 and not support any earlier levels of TLS or SSL.

    Over the next few months emails will be sent from payment service providers (PSPs) and from hosting companies regarding this.

    The impact will affect several areas:-
    • Browsers viewing secure payment pages
    • Communications with PSPs
    • Authorisation call backs from PSPs


    Browsers viewing secure payment pages
    When a buyer views a payment page, their browser will need to support TLS1.2 or they will not be able to complete the payment. All mainstream browsers have supported TLS1.2 for some time. IE11 supports TLS1.2 by default, and it can be enabled via 'Internet Options' in IE8 and later.

    Note: If the merchant's web site uses SSL and the merchant's hosting company removes support for all but TLS1.2, then the merchant's customers/buyers will also need a TLS1.2-enabled browser.

    Communications with PSPs
    Sometimes the merchant's server needs to make an SSL connection to another server. If the other server only accepts TLS1.2 then the merchant's server needs to be TLS1.2 enabled.

    SellerDeck uses 'Crypt::SSLeay' and we have confirmed that version 0.57 and later versions support TLS1.2, but we cannot determine whether earlier versions support TLS1.2.

    Authorisation call backs from PSPs
    If the merchant's web site uses SSL for the checkout then the PSP authorisation callback will also use SSL. In this case there are two possible problems: -
    1. The first occurs if the PSP insists on TLS1.2; the web server then needs to support TLS1.2.
      Note: We are in the process of upgrading SellerDeck Hosting to support TLS1.2.

      You can check your site by starting checkout in Firefox, clicking the padlock and then clicking 'More Information'; the resulting dialog should show TLS 1.2 against 'Connection Encrypted'. IE currently does not appear to provide this information.

    2. The second occurs if the merchant's server insists on TLS1.2. In this case the PSP call back will fail if the PSP does not support TLS1.2.
      If this occurs then you will need to check with your PSP when they will support TLS1.2 and the hosting company will need to re-enable the best protocol still accepted by the PSP.
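
An added example, not part of the original announcement and not SellerDeck's code: a Python script that probes which of TLS 1.0, 1.1 and 1.2 a server negotiates and maps the result onto the cases described above. The function names and the host given on the command line are assumptions; a version that the local OpenSSL build itself refuses is reported as not accepted.

```python
import socket
import ssl
import sys

# Versions to probe, oldest first.
VERSIONS = [
    ("TLS 1.0", ssl.TLSVersion.TLSv1),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
    ("TLS 1.2", ssl.TLSVersion.TLSv1_2),
]

def pinned_context(version):
    """Client context that can negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only protocol support is being tested, so certificate checks are off.
    # Never reuse this context for real payment traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port=443, timeout=5.0):
    """Return {version name: bool} for the versions the server negotiates."""
    accepted = {}
    for name, version in VERSIONS:
        try:
            ctx = pinned_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    accepted[name] = tls.version() is not None
        except (OSError, ValueError):
            # Handshake refused, host unreachable, or version not in this build.
            accepted[name] = False
    return accepted

def assess(accepted):
    """Map probe results onto the cases described in the announcement."""
    if not accepted.get("TLS 1.2"):
        return "no TLS 1.2: TLS1.2-only browsers and PSPs cannot connect"
    if accepted.get("TLS 1.0") or accepted.get("TLS 1.1"):
        return "TLS 1.2 plus older versions: older versions still enabled"
    return "TLS 1.2 only: callbacks fail if the PSP does not support TLS 1.2"

if __name__ == "__main__" and len(sys.argv) > 1:
    result = probe(sys.argv[1])
    for name, ok in result.items():
        print(f"{name}: {'accepted' if ok else 'refused'}")
    print(assess(result))
```

Run it with the checkout host name as the only argument, from a machine whose OpenSSL still allows the older versions if you want the TLS 1.0 and 1.1 rows to be meaningful.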