TLS Upgrade Warning - What You Need to Know
On 01/01/2018, PaySmart will no longer support TLS 1.0 or TLS 1.1 over HTTPS on the ffapaysmart.com.au or paysmart.com.au domains. Any older browsers or API clients that do not support TLS 1.2 will no longer work after this date. This change is mandated by the PCI Security Council and affects all merchants and service providers processing or transmitting credit card data.
If you use webhooks, your non-test endpoints will also be required to support HTTPS and TLS 1.2 in order to receive webhooks from us after 01/01/2018. Any endpoints that do not support a TLS 1.2 connection will be disabled.
What is TLS?
TLS is the encryption protocol used to encrypt the data between your computer and the PaySmart servers. If you are passing sensitive information such as credit card numbers or people's details, you want this to be encrypted and as secure as possible, so that someone cannot intercept the messages and steal the information.
Why are we making this change?
The PCI Security Council sets the rules on which technologies are acceptable for use in transmitting cardholder data. They have explicitly identified TLS 1.0 as no longer being a strong form of encryption because it is vulnerable to many known attacks.
PaySmart are therefore required to upgrade the version of TLS we are currently using, as it’s no longer considered secure. To ensure our compliance and the security of your data, we are upgrading our version of TLS on the 1/01/2017. This means you should update your systems to ensure they are also using the most secure version of TLS available. If you do not carry out this upgrade, you will not be able to connect to PaySmart, as we will no longer accept the less secure versions of TLS as of the 1st-JAN-2018.
This is not an action PaySmart is taking alone. EVERY website that transmits or processes credit card data will be making this change. If you or your customers are using an insecure or unsupported browser or API client, you will find that all secure websites will stop working very soon.
How do I know if I’m affected?
If you were directed here by a message on one of our sites, it is because our system has detected that your session is using an encryption suite that will be unsupported in the near future.
You will continue to receive this notification on each browser session until your browser is updated.
Most browsers have supported TLS for at least the last few years, so end-users are unlikely to be affected by this change. The biggest impact is likely to be felt by API users with very old libraries.
A comprehensive list of client support is available here: https://www.ssllabs.com/ssltest/clients.html
How to Test:
- Point your browser, API client, or code to https://psdn.ffapaysmart.com.au
- You should expect to see the PaySmart Developer Network site
- If you see that, then you have successfully connected and are all set
- If your client throws an SSL, TLS, Connection, or Negotiation error, then you will need to upgrade your language, library or browser in order to remain compatible
API Library Support
If you have code that connects with the PaySmart API, you must ensure that it will continue to work after 01/01/2018. Each language and library is different, but we’ve identified the popular ones that may be of concern.
These languages and libraries will need significant changes/upgrades in order to work:
- Java 6u45 / 7u45
- .NET before 4.5 (does not support TLS 1.2)
- .NET 4.5 (must have a setting changed to explicitly enable TLS 1.2)
- OpenSSL 0.9.8
Most dynamic languages such as Ruby, PHP, & Python rely on the underlying operating system’s OpenSSL version. You can check it by running:
openssl version
1.0.1 is the minimum required.
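The "How to Test" steps and the OpenSSL version check above, combined into one script. This is an added example, not PaySmart code; it assumes Python 3.7 or later, and the function names are hypothetical. Python reports the OpenSSL build it was linked against, which can differ from the openssl binary on your PATH.

```python
import re
import socket
import ssl

MIN_OPENSSL = (1, 0, 1)  # minimum version stated on this page


def parse_openssl_version(banner):
    """Extract (major, minor, patch) from an `openssl version` style banner."""
    m = re.match(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("not an OpenSSL banner: %r" % banner)
    return tuple(int(part) for part in m.groups())


def openssl_ok(banner):
    """True when the banner reports OpenSSL 1.0.1 or newer."""
    return parse_openssl_version(banner) >= MIN_OPENSSL


def negotiate(host, port=443, timeout=10):
    """Handshake that refuses anything below TLS 1.2; returns e.g. 'TLSv1.2'."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


def report(host):
    """Collect the local library check and the handshake result as text lines."""
    lines = ["linked against: " + ssl.OPENSSL_VERSION]
    try:
        lines.append("meets 1.0.1 minimum: %s" % openssl_ok(ssl.OPENSSL_VERSION))
    except ValueError:
        lines.append("not an OpenSSL build (e.g. LibreSSL); version check skipped")
    try:
        lines.append("negotiated: %s" % negotiate(host))
    except (ssl.SSLError, OSError) as exc:
        lines.append("handshake failed, upgrade needed or host unreachable: %r" % exc)
    return lines


if __name__ == "__main__":
    # Test host taken from the "How to Test" steps on this page.
    for line in report("psdn.ffapaysmart.com.au"):
        print(line)
```

A "handshake failed" line with an SSL or protocol error corresponds to the negotiation error described in the test steps; a DNS or timeout error points to connectivity rather than TLS support.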
We would be happy to help you ensure compatibility in any way we can. However, please keep in mind that we are not experts in every language or framework and so we aren’t able to test or fix your code for you.
Most browsers have supported TLS 1.2 for several years.
The following browsers DO NOT support TLS 1.2 and will no longer work.
- Google Chrome 29
- Firefox 26
- Internet Explorer 10
- Safari 8
- iOS 4
- Android 4