Announcement

Collapse
No announcement yet.

Is this something that needs addressing? - Important TLS Disablement Notice

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Is this something that needs addressing? - Important TLS Disablement Notice

    Important TLS Disablement Notice
    Dear Authorize.Net Merchant:
    As you may be aware, new PCI DSS requirements state that all payment systems must disable early TLS by 2018. Transport Layer Security (TLS), is a technology used to encrypt sensitive information sent via the Internet. TLS is the replacement for Secure Sockets Layer (SSL).
    In preparation for this requirement, Authorize.Net plans to disable TLS 1.0 and TLS 1.1 on the following dates:
    Sandbox: COMPLETE
    Production: September 18, 2017

    We have disabled the sandbox in advance of production to allow you and your developer time to test your website or payment solution and ensure you are no longer using TLS 1.0 or 1.1 prior to September 18th.
    Please contact your web developer or payment solution provider, as well as your web hosting company, to confirm that they can support TLS 1.2 for your API connections.

    In addition, we plan to retire the 3DES cipher (a data encryption standard) in production soon. However, the date has not yet been finalized. We will notify you once it has.

    Please refer your developer or solution provider to our API Best Practices for cipher recommendations, details about TLS 1.2 platform support, and other integration suggestions.

    Note: If you are not using the current version of your web browser, please take a few moments to upgrade it now. Browsers released prior to 2014 may not support TLS 1.2. You can check your browser's TLS support by visiting https://www.howsmyssl.com/.
    Thank you for your attention to this matter and for being an Authorize.Net merchant.
    Sincerely,
    Authorize.Net

    Dan

    Girlfriends Lingerie - "Keeping It Sexy!"
    Sexy Lingerie - Twitter - Facebook- Pinterest - YouTube

    #2
    You won't need to change anything with regard to that notice.
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com

    Comment


      #3
      Originally posted by ILoveHostasaurus View Post
      You won't need to change anything with regard to that notice.
      Thank you David as always with the quick reply.
      Dan

      Girlfriends Lingerie - "Keeping It Sexy!"
      Sexy Lingerie - Twitter - Facebook- Pinterest - YouTube

      Comment


        #4
        Hey David, maybe you can add rules to Miva Mail Servers to block these emails from Store Owners so we don't have to explain them to each and every store owner who works with us. :)
        Bruce Golub
        Phosphor Media - "Your Success is our Business"

        Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
        phosphormedia.com

        Comment


          #5
          There's definitely no harm in confirming, and given you support people who may not be hosted with us, you should know that there can be fully up to date Miva Merchant stores that would have a problem related to this change. It is dependent on the OpenSSL version on the server as to whether Empresa can talk TLS 1.2 or not, so there may be up to date stores that encounter issues.
          David Hubbard
          CIO
          Miva
          [email protected]
          http://www.miva.com

          Comment


            #6
            ...i know, just kidding as we get 20 of these every time paypal, authnet, etc issue the 'dire' warning...
            Bruce Golub
            Phosphor Media - "Your Success is our Business"

            Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
            phosphormedia.com

            Comment


              #7
              I received the below from our host in relation to the version of OpenSSL:

              [root@greywood ~]# openssl version
              OpenSSL 1.0.1e-fips 11 Feb 2013

              Is this the info needed to determine if the authorize.net change will cause issues with our stores? Does the Miva engine matter at all?

              Thanks,

              Comment


                #8
                That version of OpenSSL is good. Your Empresa (engine) version needs to be 5.22 or above.
                David Hubbard
                CIO
                Miva
                [email protected]
                http://www.miva.com

                Comment


                  #9
                  I am getting a similar message from our merchant gateway, can I assume since I am hosted via Miva with versions: Miva Merchant 9.09.00 and MivaScript Engine v5.31, I am compliant and won't have an issue? Thank you!
                  Thank you,
                  Terri
                  http://www.charmandhammer.com
                  Gear for Hard Working Women

                  Comment


                    #10
                    Correct, will not be an issue.
                    David Hubbard
                    CIO
                    Miva
                    [email protected]
                    http://www.miva.com

                    Comment

                    Working...
                    X