https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59616#M34195 <P>Ah, I see. I'd advise updating to newer versions, because those are all old and there are security holes in all of them. However, since this is CentOS, and they backport security fixes to the old versions they distribute, you should be fine there.</P> <P>&nbsp;</P> <P>So, the only remaining question is if&nbsp;these versions support TLS 1.2. It appears that they do, but there's a problem with curl 7.19.7 where even though it supports TLS 1.2, you have to explicitly request a TLS 1.2 connection or it won't make one. See <A href="https://bugzilla.redhat.com/show_bug.cgi?id=1272504" target="_self">here</A> and <A href="https://bugzilla.redhat.com/show_bug.cgi?id=1289205" target="_blank">here</A>.</P> <P>&nbsp;</P> <P>In whichever part of your code makes the actual curl requests, add a line like this:</P> <PRE>curl_setopt ($ch, CURLOPT_SSLVERSION, 6);</PRE> <P>That forces TLS 1.2 specifically, so that should be all you need.</P> Thu, 31 Aug 2017 15:20:51 GMT Aaron 2017-08-31T15:20:51Z https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59608#M34187 <P><BR />Hi,<BR /><BR />I've updated one of my test servers (centos 6.5) to use only TLS 1.2, the update process went well but is not connecting to your sandbox server I don't get any kind of error message, I can run the same code in my local machine fine( Apache/2.4.18 (Unix) OpenSSL/1.0.2g PHP/5.5.34 mod_perl/2.0.8-dev Perl/v5.16.3 )<BR /><BR />I've attached a screenshot from TLS checker tool from symantec and everything looks good. Do you see anything wrong?</P><P>&nbsp;</P><P>&nbsp;</P><P>I'm using this endpoint:</P><P><A href="https://apitest.authorize.net/xml/v1/request.api" target="_blank">https://apitest.authorize.net/xml/v1/request.api</A><BR /><BR /></P><P>&nbsp;</P><P>&nbsp;&nbsp;</P><P>&nbsp;</P><P><IMG src="https://ip1.i.lithium.com/8fba8f37280dcfea7d54d5f9354635c6bd95efaf/687474703a2f2f69642e6b69636b666972652e636f6d2f747261636b696e672f696d672f544c532e706e67" border="0" /></P> Wed, 30 Aug 2017 20:51:10 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59608#M34187 ciroalvarez1 2017-08-30T20:51:10Z https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59612#M34191 <P>Hi&nbsp;<a href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/22260">@ciroalvarez1</a>,</P> <P>&nbsp;</P> <P>From the screenshot you've posted, it looks like you're having something analyze what&nbsp;<EM>your&nbsp;</EM>web server supports for connections made to it. That's probably not at issue here. Since&nbsp;<EM>our</EM> web server only supports connections made via TLS 1.2, it's the client code that's running on your server (the code that makes the actual connection to us) that has to support TLS 1.2 connections.</P> <P>&nbsp;</P> <P>What version of OpenSSL, PHP, and curl are installed on that test server?</P> Wed, 30 Aug 2017 22:44:26 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59612#M34191 Aaron 2017-08-30T22:44:26Z https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59614#M34193 <P>Hi Aaron, thanks for your answer, here some details of my server:</P><P>&nbsp;</P><P>centOS 6.5</P><P>&nbsp;</P><P>OpenSSL:</P><P>OpenSSL 1.0.1e-fips</P><P>&nbsp;</P><P>PHP:</P><P>5.3.3 (cli)</P><P>&nbsp;</P><P>curl:</P><P>curl 7.19.7 (x86_64-unknown-linux-gnu) libcurl/7.19.7 NSS/3.12.7.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 30 Aug 2017 23:43:08 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59614#M34193 ciroalvarez1 2017-08-30T23:43:08Z https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59616#M34195 <P>Ah, I see. I'd advise updating to newer versions, because those are all old and there are security holes in all of them. However, since this is CentOS, and they backport security fixes to the old versions they distribute, you should be fine there.</P> <P>&nbsp;</P> <P>So, the only remaining question is if&nbsp;these versions support TLS 1.2. It appears that they do, but there's a problem with curl 7.19.7 where even though it supports TLS 1.2, you have to explicitly request a TLS 1.2 connection or it won't make one. See <A href="https://bugzilla.redhat.com/show_bug.cgi?id=1272504" target="_self">here</A> and <A href="https://bugzilla.redhat.com/show_bug.cgi?id=1289205" target="_blank">here</A>.</P> <P>&nbsp;</P> <P>In whichever part of your code makes the actual curl requests, add a line like this:</P> <PRE>curl_setopt ($ch, CURLOPT_SSLVERSION, 6);</PRE> <P>That forces TLS 1.2 specifically, so that should be all you need.</P> Thu, 31 Aug 2017 15:20:51 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/TLS-1-2-migration-is-failing-in-test-server/m-p/59616#M34195 Aaron 2017-08-31T15:20:51Z