I just turned our software into testing mode and processed a transaction which sent it to https://test.authorize.net/gateway/transact.dll that it was successful. This is the sandbox URL correct so we will be good when TSL is disabled?
05-06-2017 03:56 PM
@redbrad0 The endpoint https://test.authorize.net/gateway/transact.dll is now configured to only accept TLS 1.2 connections.
https://www.ssllabs.com/ssltest/analyze.html?d=test.authorize.net&latest
Richard
05-06-2017 06:09 PM
Hi Richard,
when I tried https://test.authorize.net/gateway/transact.dll and it is still accepting TLS1.0 and TLS1.1.
Though it only accept TLS1.2?
Thanks,
Binh.
07-20-2017 10:43 AM
Hello @binhaccount
I'm not sure what you are using to test, but according to SSL Labs we only support TLS 1.2.
Richard
07-20-2017 10:56 AM
Hi Richard,
We're using a very simple javax.jws.WebService Java program and sent a "AUTH_ONLY" request. I just another request using TLS1.0 and it went through
<transactionId>40005473153</transactionId>
07-20-2017 01:48 PM
Hello @binhaccount
We would need to see the actual connection log of the data going over the wire showing the TLS negotiation to confirm.
Richard
07-20-2017 02:35 PM
We performed an extensive review of the logs for our sandbox environment, and had another team member validate the results as well. We verified that there have been no transactions submitted to our test environment using TLS 1.0 or TLS 1.1.
Richard
07-21-2017 09:20 AM
The poster might be confused if he is using CURL and referring to the PHP7.0 documentation like i have.
It says:
One of CURL_SSLVERSION_DEFAULT (0), CURL_SSLVERSION_TLSv1 (1), CURL_SSLVERSION_SSLv2 (2), CURL_SSLVERSION_SSLv3 (3), CURL_SSLVERSION_TLSv1_0 (4), CURL_SSLVERSION_TLSv1_1 (5) or CURL_SSLVERSION_TLSv1_2 (6).
I tried setting 1 ( TLSv1 )and the authorization went through.
Setting 4 ( TLSv1_0 ) gave me a blank response.
Setting 6 ( TLSv1_2 ) gives me an authorization.
All other settings give me no response.
I imagine that setting 1 is trying to negotiate the highest version of TLS1.x.... this is not mentioned in the documentation but i imagine it's what's happening here.
09-01-2017 09:35 PM
There's also a bug in curl 7.54.0 as detailed here. You think you're specifying one version of TLS and you're getting something else. That one personally wasted an hour of my time.
09-05-2017 01:38 PM
I just built the C# test code that's out on GitHub. It throws a SSL/TLS exception when I try AuthroizeCreditCard... 'The request was aborted: Could not create SSL/TLS secure channel.' I get this from the Sample Code appliction and from the CoffeeShopWebApp sample. Is this sample code up to date with a new TLS configuration?
11-12-2017 10:16 AM