SOURCE: Plug & Pay Technologies Inc.
Modification To Permitted Ciphers
Hauppauge, NY - September 7, 2022

REDUCING RISK
Migration from SSL and Early TLS Deadline

Effective September 30th 2022

⚠️ IMPORTANT NOTICE

This matter pertains to ALL users (i.e. merchants, resellers, partners, application developers, shopping carts, etc.) connecting to our payment gateway domain and related systems.

Immediate testing is required to ensure continued access/integration to our payment gateway services.

    • For Windows desktop users, please take advantage of Microsoft's option for Windows 7/8/8.1 users to upgrade to Windows 10 at no charge.
        Windows 8.1 can be used if properly patched.
        For specialized patching for Windows Server 2012 R2 & Windows 8.1, see this Security Advisory & Windows Update KB 291355. You may also go here for related info.

    • For Windows server users, you may have to upgrade to a newer version of Windows to ensure compliance and compatibility.
        Windows Server 2012 R2 can be used if properly patched.
        For specialized patching for Windows Server 2012 R2 & Windows 8.1, see this Security Advisory & Windows Update KB 291355. You may also go here for related info.

    • Windows versions known to be affected by this change are:
        Windows Server 2012 & all earlier server editions
        Windows CE, XP Embedded and related editions

For all other operating systems and applications, please ensure the operating system and any related apps/interfaces meet the requirements below.

You must ensure that any required app/interface adjustments are completed no later than Sept 30th 2022.

The Payment Card Industry Security Standards Council (PCI SSC) mandates a transition from all versions of SSL, TLS 1.0 and TLS 1.1 communication protocols to a more secure version of TLS (currently TLS v1.2).

Plug and Pay has established a compliance deadline for all transaction traffic to update to use strong TLS 1.2 ciphers by September 30th 2022.

Merchants who are not running modern software or have not upgraded by this date may experience service outages and will not be able to process transactions until an upgrade to strong TLS 1.2 ciphers is performed.

If any errors are returned indicating there was no connection, or no response is returned, this would indicate a connection problem.

Please contact support@plugnpay.com, so we may work with you &/or your staff on the matter.


Additional Information:

To maintain our systems' security, only these TLS 1.2 ciphers will be permitted on Sept 30th, 2022

* May require specialized patching to manually activate/apply in Windows Server 2012 R2 and Windows 8.1

• To see which versions of TLS your build of Windows can support, please click here for related information.

Potentially some Unix/Linux servers running older versions of OpenSSL &/or other related encryption suites could also be affected, if said encryption suite is not kept current.


Customer Access To Billing Pages:

Customers who can't reach our gateway hosted billing pages may need to upgrade to a more current operating system.
Minimum operating system requirements would be Windows 10+, MacOS 10.8+, iOS 5.0+ or Android 5.0+.
Anything older would likely not be able to connect to us, as it's lacking the ability to utilize strong enough encryption methods to connect to the HTTPS URL.


API Troubleshooting:

If you are having connectivity issues with API connections to the gateway, please attempt the below fixes in order.
Ensure you test your API's connectivity after each step.

  1. If you've modified your integration previously to use our test domain, ensure you've switched it back to 'pay1.plugnpay.com'.
    The test domain will not be available after the TLS 1.2 cipher requirement has been made gateway-wide.
  2. If using gateway supplied DLLs or Shopping Cart modules, ensure you have the newest version installed.
    Refer to the 'API & Cart' download section of your payment gateway account.
  3. Fully patch Windows (including all service packs) and upgrade to the newest version of Internet Explorer available.
    This should be performed via the Windows Update feature on the affected system.
    Repeat patching, until all updates have been applied.
    Reboot after each round of patches, to ensure they activate properly in Windows.
  4. If using a version of Windows that requires special adjustments to enable supported TLS 1.2 ciphers (see above), ensure you apply them accordingly.
    Reboot after applying any fixes, to ensure they activate properly in Windows.
  5. Some clients noted patching did not 100% fix the issue with certain desktop apps.
    In those cases, following these steps finished correcting the underlying issue.
    - login to Windows as the user the app will be run under
    - open Internet Explorer (not Edge)
    - go to the Tools menu & select Internet Options
    - click on the Security tab & reset all the zones back to their default levels.
    - click on the Privacy tab & reset the privacy level back to its default level.
    - click on the Advanced tab & ensure the use TLS 1.2 options are selected within the security settings part of that window.
    - click on the Apply button, then OK button, finally reboot
  6. Some clients reported that using our DLLs with certain web services/scripts didn't work properly until they configured the DLL to run in 'client' or 'user' mode, instead of 'server' mode.
    Further, they applied the Internet Explorer adjustments above to the user account the DLL was being invoked as in 'client' or 'user' mode, so that user's internet options could be inherited/used.
  7. Clients using certain .NET DLLs may also find this Windows KB information concerning TLS 1.2 support useful.
  8. If all else fails, consider routing your system's API requests through a proxy server.
    This allows your less secure API calls to be made normally through the proxy.
    The proxy will then use a stronger TLS 1.2 configuration when connecting to our gateway.
    This would not be a final solution, but should help give you additional time to upgrade properly.
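
A client-side check to run after each step above, as an added example that is not Plug & Pay code: it limits a Python client to TLS 1.2, lists the TLS 1.2 suites the local TLS library offers, and reports what a handshake with 'pay1.plugnpay.com' negotiates. The function names are hypothetical, cipher names are in OpenSSL notation, and the gateway's permitted list is left for the caller to supply.

```python
import socket
import ssl

GATEWAY_HOST = "pay1.plugnpay.com"  # production API host named in the notice


def tls12_only_context(ciphers=None):
    """Client context limited to TLS 1.2, certificate checks left on.

    `ciphers` is an optional OpenSSL cipher string. Pass the gateway's
    permitted suites here; none are hard-coded in this example.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if ciphers:
        ctx.set_ciphers(ciphers)  # ssl.SSLError if no suite matches
    return ctx


def local_tls12_ciphers(ctx):
    """OpenSSL names of the TLS 1.2 suites this client would offer."""
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if c["protocol"] == "TLSv1.2")


def probe(host=GATEWAY_HOST, port=443, ctx=None, timeout=10):
    """Complete one handshake; return (protocol, cipher) or raise."""
    ctx = ctx or tls12_only_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    ctx = tls12_only_context()
    print("TLS library:", ssl.OPENSSL_VERSION)
    print("TLS 1.2 suites offered:", ", ".join(local_tls12_ciphers(ctx)))
    try:
        print("Negotiated:", probe(ctx=ctx))
    except (ssl.SSLError, OSError) as exc:
        # Typical causes: no shared TLS 1.2 suite, an outdated TLS
        # library, or a network/certificate error.
        print("Handshake failed:", exc)
```

Python uses its own OpenSSL build rather than Windows Schannel, so the result describes OpenSSL-based clients on that host, not integrations that go through the gateway DLLs or .NET.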

If you continue to run into trouble while testing, please bring the matter to our attention, so we may work with you &/or your staff on the matter.