cancel
Showing results for 
Search instead for 
Did you mean: 

Sandbox URL to test TLS Update

I just turned our software into testing mode and processed a transaction which sent it to https://test.authorize.net/gateway/transact.dll that it was successful. This is the sandbox URL correct so we will be good when TSL is disabled?

redbrad0
Member
10 REPLIES 10

@redbrad0 The endpoint https://test.authorize.net/gateway/transact.dll is now configured to only accept TLS 1.2 connections.

 

https://www.ssllabs.com/ssltest/analyze.html?d=test.authorize.net&latest

 

Richard

RichardH
Administrator Administrator
Administrator

Hi Richard,

 

when I tried https://test.authorize.net/gateway/transact.dll and it is still accepting TLS1.0 and TLS1.1.

Though it only accept TLS1.2?

 

Thanks,

Binh.

Hello @binhaccount

 

I'm not sure what you are using to test, but according to SSL Labs we only support TLS 1.2.

 

Richard

 

 

Hi Richard,

We're using a very simple javax.jws.WebService Java program and sent a "AUTH_ONLY" request. I just another request using TLS1.0 and it went through

 <transactionId>40005473153</transactionId>

 

 

Hello @binhaccount

 

We would need to see the actual connection log of the data going over the wire showing the TLS negotiation to confirm.

 

Richard

@binhaccount 

 

We performed an extensive review of the logs for our sandbox environment, and had another team member validate the results as well.  We verified that there have been no transactions submitted to our test environment using TLS 1.0 or TLS 1.1.

 

Richard

The poster might be confused if he is using CURL and referring to the PHP7.0 documentation like i have.

 

It says:

One of CURL_SSLVERSION_DEFAULT (0), CURL_SSLVERSION_TLSv1 (1), CURL_SSLVERSION_SSLv2 (2), CURL_SSLVERSION_SSLv3 (3), CURL_SSLVERSION_TLSv1_0 (4), CURL_SSLVERSION_TLSv1_1 (5) or CURL_SSLVERSION_TLSv1_2 (6).

 

I tried setting 1 ( TLSv1 )and the authorization went through.

Setting 4 ( TLSv1_0 ) gave me a blank response.

Setting 6 ( TLSv1_2 ) gives me an authorization.
All other settings give me no response.

 

I imagine that setting 1 is trying to negotiate the highest version of TLS1.x.... this is not mentioned in the documentation but i imagine it's what's happening here.

 

There's also a bug in curl 7.54.0 as detailed here. You think you're specifying one version of TLS and you're getting something else. That one personally wasted an hour of my time.

I just built the C# test code that's out on GitHub.  It throws a SSL/TLS exception when I try AuthroizeCreditCard... 'The request was aborted: Could not create SSL/TLS secure channel.'  I get this from the Sample Code appliction and from the CoffeeShopWebApp sample.  Is this sample code up to date with a new TLS configuration?