topic Sandbox URL to test TLS Update in Integration and Testing

Sandbox URL to test TLS Update

redbrad0 — Sat, 06 May 2017 22:56:54 GMT

I just turned our software into testing mode and processed a transaction which sent it to https://test.authorize.net/gateway/transact.dll that it was successful. This is the sandbox URL correct so we will be good when TSL is disabled?

Re: Sandbox URL to test TLS Update

RichardH — Sun, 07 May 2017 01:09:37 GMT

@redbrad0 The endpoint https://test.authorize.net/gateway/transact.dll is now configured to only accept TLS 1.2 connections.

https://www.ssllabs.com/ssltest/analyze.html?d=test.authorize.net&latest

Richard

Re: Sandbox URL to test TLS Update

binhaccount — Thu, 20 Jul 2017 17:43:51 GMT

Hi Richard,

when I tried https://test.authorize.net/gateway/transact.dll and it is still accepting TLS1.0 and TLS1.1.

Though it only accept TLS1.2?

Thanks,

Binh.

Re: Sandbox URL to test TLS Update

RichardH — Thu, 20 Jul 2017 17:56:45 GMT

Hello @binhaccount

I'm not sure what you are using to test, but according to SSL Labs we only support TLS 1.2.

Richard

Re: Sandbox URL to test TLS Update

binhaccount — Thu, 20 Jul 2017 20:48:15 GMT

Hi Richard,

We're using a very simple javax.jws.WebService Java program and sent a "AUTH_ONLY" request. I just another request using TLS1.0 and it went through

Re: Sandbox URL to test TLS Update

RichardH — Thu, 20 Jul 2017 21:35:54 GMT

Hello @binhaccount

We would need to see the actual connection log of the data going over the wire showing the TLS negotiation to confirm.

Richard

Re: Sandbox URL to test TLS Update

RichardH — Fri, 21 Jul 2017 16:20:23 GMT

@binhaccount

We performed an extensive review of the logs for our sandbox environment, and had another team member validate the results as well. We verified that there have been no transactions submitted to our test environment using TLS 1.0 or TLS 1.1.

Richard

Re: Sandbox URL to test TLS Update

westcottdev1 — Sat, 02 Sep 2017 04:35:05 GMT

The poster might be confused if he is using CURL and referring to the PHP7.0 documentation like i have.

It says:

One of CURL_SSLVERSION_DEFAULT (0), CURL_SSLVERSION_TLSv1 (1), CURL_SSLVERSION_SSLv2 (2), CURL_SSLVERSION_SSLv3 (3), CURL_SSLVERSION_TLSv1_0 (4), CURL_SSLVERSION_TLSv1_1 (5) or CURL_SSLVERSION_TLSv1_2 (6).

I tried setting 1 ( TLSv1 )and the authorization went through.

Setting 4 ( TLSv1_0 ) gave me a blank response.

Setting 6 ( TLSv1_2 ) gives me an authorization.
All other settings give me no response.

I imagine that setting 1 is trying to negotiate the highest version of TLS1.x.... this is not mentioned in the documentation but i imagine it's what's happening here.

Re: Sandbox URL to test TLS Update

Aaron — Tue, 05 Sep 2017 20:38:18 GMT

There's also a bug in curl 7.54.0 as detailed here. You think you're specifying one version of TLS and you're getting something else. That one personally wasted an hour of my time.

Re: Sandbox URL to test TLS Update

zarsejm1 — Sun, 12 Nov 2017 18:16:38 GMT

I just built the C# test code that's out on GitHub. It throws a SSL/TLS exception when I try AuthroizeCreditCard... 'The request was aborted: Could not create SSL/TLS secure channel.' I get this from the Sample Code appliction and from the CoffeeShopWebApp sample. Is this sample code up to date with a new TLS configuration?

Re: Sandbox URL to test TLS Update

Aaron — Mon, 13 Nov 2017 16:48:40 GMT

Hi @zarsejm1,

Sorry, the .NET SDK hasn't been updated to force TLS 1.2 yet, but keep an eye on that as it should happen soon.