developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Request for Comments: API Best Practices

We just posted a draft of our upcoming API Best Practices Guide.

Please post your feedback below. Thanks!

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
1 person had this problem.
Lilith
Administrator Administrator
Administrator

‎01-29-2016 10:43 AM - edited ‎01-29-2016 10:51 AM

26 REPLIES 26

@skyetech That isn't surprising. Windows uses Secure Channel (AKA SChannel) for negotiating SSL/TLS with browsers and other services not going directly through IIS. The versions of SChannel used in Server 2003/XP cap at TLS 1.0, with older and weaker ciphers.

 

Chrome uses its own TLS negotiation setup, with its own cipher suites and certificate store. It also auto-updates, making it more resiliant to the sorts of issues legacy IE users face.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Lilith
Administrator Administrator
Administrator
In response to skyetech

‎04-22-2016 12:37 PM - edited ‎04-22-2016 12:38 PM

0 Kudos

So is sandbox currently RC4 disabled?  Just making sure it was not delayed again.

dlewis9
Member
In response to Lilith

‎05-12-2016 01:36 PM

0 Kudos

@dlewis9

 

Yes, RC4 is disabled in the sandbox.

 

Richard

RichardH
Administrator Administrator
Administrator
In response to dlewis9

‎05-12-2016 01:38 PM

0 Kudos

Can you confirm that RC4 is even disabled in the sandbox for users of AIM, using this endpoint URL(?):

https://test.authorize.net/gateway/transact.dll

 

Many thanks.

gcgala2
Member
In response to RichardH

‎05-12-2016 03:23 PM

0 Kudos

@gcgala2

 

All of our sandbox endpoints no longer support RC4.  You can confirm this using Qualys SSL Labs tool:

 

https://www.ssllabs.com/ssltest/analyze.html?d=test.authorize.net

 

Richard

RichardH
Administrator Administrator
Administrator
In response to gcgala2

‎05-12-2016 03:30 PM - edited ‎05-12-2016 03:34 PM

0 Kudos

If our application server (Glassfish 4.0) is running on JDK 8, and we're using the Authorize.NET Java SDK, can we assume that TLS 1.2 is being used? I can't seem to find any object in the Authorize.NET library that explicitly sets the outbound TLS protocol version. Our application server is configured to use TLS 1.2 for inbound requests. Is that enough?

michaelrepucci
Member

‎04-27-2017 02:22 PM

0 Kudos

We are using .net framework 4.0 in our project. How to do a workaround for this then ?

I suppose there are 2 ways:

1) Using existing project with .net framework(4.0). Installing .net framework 4.5 in my machine. Changing the code as ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

2) Upgrading project to .net framework 4.5.

 

Can we use the 1st option for time being ?

Kindly suggest.

ShilpaAutho
Member

‎05-25-2017 11:57 PM

0 Kudos
Copyright © 2024 Khoros, LLC