On April 1st, 2018 Payschools will no longer support TLS 1.0. Any older browsers or applications using our web sites that do not support TLS 1.1 or 1.2 will no longer work after this date. This change is mandated by the PCI (Payment Card Industry) Security Council and affects all merchants and service providers that transmit credit card data.
What is TLS?
Transport Layer Security (TLS) is the protocol that ensures the data between the client (frequently your web browser) and the server is private and secure. As vulnerabilities in the protocol are discovered, new versions of the protocol are released and the old ones are discontinued once software vendors have had a chance to update their browsers and other programs to support the new version.
Why are we disabling TLS 1.0?
The PCI Security Counsel sets the standards on which technologies can be used when sending sensitive information such as credit card numbers. They no longer accept TLS 1.0 as of June 2018 because it has been shown to be vulnerable to attack.
How will I know if I’m affected?
Most browsers have supported TLS 1.1 or later for several years so few end-users are likely to be impacted by the change. You can check your browser by going to the following link and verifying your user agent (browser) supports TLS 1.1 or TLS 1.2 https://www.ssllabs.com/ssltest/viewMyClient.html
Many of Payschools web applications will start detecting the TLS version automatically and will warn you prior to April 1st, 2018 if your web browser does not support a minimum of TLS 1.1. The biggest impact will be felt by users of our web APIs that are using old libraries.
To ensure compatibility with TLS 1.1 and eliminate the risk from known vulnerabilities such as BEAT, CRIME, POODLE, RC4, FREAK or Logjam, Payschools recommends using the latest version of your browser. We always recommend using the most recent browser version, however the minimum excepted versions at this time are:
- Google Chrome: 44 (Current 60)
- Firefox: 38.1 (Current 55)
- Internet Explorer: 11 (Current 11)
- Edge: 12 (Current 15)
- Opera: 30 (Current 47)
- Safari: 9 (Current 11)
- Safari Mobil: 8 (Current 11)
- Android OS Browser 5.1 (Current 8)
We highly recommend users upgrade to the latest version available to maintain the highest level of security.
API Library Support
Code that communicates with our APIs may also need to be updated to handle TLS 1.1 or later to continue working on April 1st, 2018. Common code libraries required are:
- .NET 4.6 – TLS 1.1 and 1.2 are supported by default.
- .NET 4.5 – TLS 1.1 is supported by default but you must explicitly enable TLS 1.1 and TLS1.2
- NET 4.0 – TLS 1.1 is supported by default but you must explicitly enable TLS 1.1 and TLS1.2.
- .Net 3.5 SP1 – Only TLS 1.1 is supported but must be enabled and the operating system must also support TLS 1.1
- OpenSSL version 1.01 or newer.
- PHP, Python, Ruby and other dynamic languages rely on the operating system’s OpenSSL Version
To allow 3rd party developers to test their support of TLS 1.1 prior to the hard-cutoff date of April 1st, 2018, and to help identify any partners not aware they are affected by the cutoff, TLS 1.1 will temporarily be turned off from January 16 to January 18th, 2018.
Payschools partners should take note of any system that fails during the trial shut off from January 16th-18th 2018 and address any issues before the hard cutoff on April 1st, 2018. To maintain our PCI compliance, TLS 1.0 will not be turned back on after April 1st, 2018.