|
tapps
|
May 8, 2017 at 8:23 am
We received the notification below (Important TLS Disablement Notice) from Authorize.Net. I was just curious if this was going to in any way affect our transactions in Event Espresso? We use Authorize.Net for the Payment Gateway of Event Espresso. Is this going to affect us? Do we need to do anything?
Thanks for your input….
Important TLS Disablement Notice
Your Payment Gateway ID: 1473757
Dear Authorize.Net Merchant:
As you may be aware, new PCI DSS requirements state that all payment systems must disable early TLS by 2018. Transport Layer Security (TLS), is a technology used to encrypt sensitive information sent via the Internet. TLS is the replacement for Secure Sockets Layer (SSL).
In preparation for this requirement, Authorize.Net plans to disable TLS 1.0 and TLS 1.1 on the following dates:
Sandbox: COMPLETE
Production: September 18, 2017
We have disabled the sandbox in advance of production to allow you and your developer time to test your website or payment solution and ensure you are no longer using TLS 1.0 or 1.1 prior to September 18th.
Please contact your web developer or payment solution provider, as well as your web hosting company, to confirm that they can support TLS 1.2 for your API connections.
In addition, we plan to retire the 3DES cipher (a data encryption standard) in production soon. However, the date has not yet been finalized. We will notify you once it has.
Please refer your developer or solution provider to our API Best Practices for cipher recommendations, details about TLS 1.2 platform support, and other integration suggestions.
Note: If you are not using the current version of your web browser, please take a few moments to upgrade it now. Browsers released prior to 2014 may not support TLS 1.2. You can check your browser’s TLS support by visiting https://www.howsmyssl.com/.
Thank you for your attention to this matter and for being an Authorize.Net merchant.
Sincerely,
Authorize.Net
You have opted to receive Administrative and/or Technical Notices for your payment gateway account. To unsubscribe, log into the Merchant Interface and click Account from the main toolbar. Then click User Profile from the menu on the left. Select Edit Profile Information and uncheck the email types you do not want to receive. Click Submit to save any changes.
For information on Authorize.Net communications and how we handle customer information, please see our Spam Policy and Privacy Policy.
|
|
Josh
|
May 8, 2017 at 8:36 am
Hi there,
The change that Authorize.net is making may affect you. The change requires that your web server uses TLS 1.2. You can contact your host and ask them to verify that they’ve made this upgrade. If they haven’t yet, they’ll need to upgrade your server to have the latest version of libcurl no later than September 17.
|
|
tapps
|
May 8, 2017 at 2:09 pm
Thanks Josh! That was extremely helpful!
|
|
tapps
|
May 8, 2017 at 7:49 pm
WE have an SSL Certificate on our SITE. GoDaddy is telling us that we simply need to activate a plugin called “Really Simple SSL”. Does that sound right to you?
|
|
Tony
|
May 9, 2017 at 5:58 am
No, that does not sound correct for the notice above.
One of the easiest ways to set your site to your SSL Certificate is to use the Really Simple SSL plugin, however the connection made to auth.net has almost nothing to do that.
Basically GoDaddy need to confirm that the server will use TLS1.2+ for any outgoing connections, not that your sit is using an SSL certificate.
Can you let me know which auth.net payment method are you using?
|
