This just in in a "Customer Notice" email - question being, what if anything do we users need to do:
"At Global Payments, we are continually investing in our infrastructure to provide a constant, reliable and secure service to all our customers. In order to maintain our adherence to security best practice, we will be upgrading our security certificates and cryptographic protocol in the coming months.
1. Extended Validation
Extended Validation gives the customer increased confidence when entering sensitive data online. An Extended Validation certificate is similar to an ordinary security certificate, but anyone who requires one must go through a more rigorous verification process in order to provide greater reassurance of the legitimacy of their site.
A page with an Extended Validation security certificate will display a green address bar.
2. End of Support for SHA-1
Security certificates are digitally signed with an encrypted hash to ensure that they have not been tampered with. Currently, we support both the SHA-1 and SHA-2 cryptographic hash functions.
Weaknesses have been identified with SHA-1 that render it incompatible with security best practice. For this reason, we are discontinuing support for SHA-1; following our upgrade, we will be supporting SHA-256 only.
3. End of Support for TLS Version 1.0 and 1.1
The TLS protocol provides security for communications over the Internet. It allows client/server applications to communicate in a way that prevents eavesdropping, tampering, and message forgery.
Currently, our security certificates support TLS 1.0, 1.1 and 1.2. As TLS 1.0 and 1.1 are no longer considered best practice, we are discontinuing support for these versions. This upgrade also includes the removal of support for the following encryption ciphers:
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
We will continue to support the following ciphers
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
Do I Need to Do Anything?
All major, up-to-date browsers will support Extended Validation, SHA-256 and TLS 1.2. If you use our hosted applications, e.g. the Virtual Terminal, RealControl or the Hosted Payment Page, Extended Validation has already been implemented and SHA-1 support removed for the services that you use. We do not anticipate that the upcoming TLS change will cause any interruption to your ability to access our services.
If you access our services via our API, it is important to check that your system supports SHA-256 and TLS 1.2.
We advise that you send this email to your developer or technical team, whether you are using a hosted or API solution, just in case any changes are required on your system."
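For the API case in the notice, a developer can check the client side locally before the change takes effect. The following is an added example, not part of the original post or of Global Payments' code; it assumes the API client runs on Python's `ssl` module (OpenSSL), and the names `assess_client` and `local_offer` are hypothetical. It covers the TLS 1.2 and cipher-suite points only, not certificate signature hashes.

```python
import ssl

# IANA suite names from the notice -> OpenSSL names used by Python's ssl module.
RETAINED = {"TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA"}
REMOVED = {"TLS_RSA_WITH_RC4_128_SHA": "RC4-SHA",
           "TLS_RSA_WITH_RC4_128_MD5": "RC4-MD5"}


def assess_client(has_tls12, offered):
    """Classify a client from its TLS 1.2 support and offered OpenSSL cipher names."""
    offered = set(offered)
    usable = sorted(iana for iana, name in RETAINED.items() if name in offered)
    stale = sorted(iana for iana, name in REMOVED.items() if name in offered)
    if not has_tls12:
        verdict = "blocked: no TLS 1.2"
    elif not usable:
        # Assumption: the two suites the notice lists as retained are the ones to look for.
        verdict = "blocked: no retained cipher suite"
    else:
        verdict = "ok"
    return {"verdict": verdict, "usable": usable, "stale": stale}


def local_offer():
    """Return (has_tls12, names) for this Python/OpenSSL build, pinned to TLS 1.2."""
    if not ssl.HAS_TLSv1_2:
        return False, []
    names = []
    for name in list(RETAINED.values()) + list(REMOVED.values()):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        try:
            ctx.set_ciphers(name)  # raises if the build cannot enable this suite
        except ssl.SSLError:
            continue
        # TLS 1.3 suites can stay listed regardless, so match on the exact name.
        if any(c["name"] == name for c in ctx.get_ciphers()):
            names.append(name)
    return True, names


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    print(assess_client(*local_offer()))
```

A non-empty `stale` list means the client still has RC4 enabled and its cipher configuration should be tightened, even though the connection would still negotiate a retained suite.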