After discussions with many of you regarding the effort and timelines required for updating your payment systems to disable TLS 1.0 and 1.1, Authorize.Net has decided to extend our deadline from September 18, 2017. The new date for when we will no longer allow TLS 1.0 and 1.1 is February 28, 2018.
This extension will provide you with additional time and allow your clients to continue processing through the upcoming holiday season before any changes are required. It also still allows Authorize.Net to meet the PCI DSS requirements to disable early TLS by 2018.
However, we still strongly encourage you and your clients to update your systems as soon as possible. We will begin notifying merchants of the extended date next week. Please refer to our TLS FAQs for additional information regarding TLS disablement.
3DES Cipher Retirement
As previously communicated, we are still planning to retire the 3DES cipher in production on September 18, 2017. Please make sure that your systems can support this change.
We have already disabled 3DES in the sandbox to allow you to test your solution prior to September 18th. You can refer to our API Best Practices for cipher recommendations and other integration suggestions.