SOURCE: Plug & Pay Technologies Inc.
Modification To Permitted Ciphers
Hauppauge, NY - March 26, 2018
Effective May 30th 2018
- The Payment Card Industry Security Standards Council (PCI SSC) announced a mandate for transitioning from all versions of SSL and TLS 1.0 communication protocols to a more secure version of TLS (currently TLS v1.1 or higher).
- Plug and Pay has established a compliance deadline for all transaction traffic to update to TLS 1.1+ by May 30th 2018.
- For most merchants running modern software, merchants that have not upgraded by this date will experience service outages and will not be able to process transactions until an upgrade to TLS 1.1 or higher is performed.
- We're requesting that said API based integrations be tested, to ensure your given system/integration will not have difficulties connecting to the payment gateway after May 31th.
- Tests can easily be performed by making the API requests to the gateway normally.
- Test all your gateway accounts.
- If everything works normally, then you can be sure your API integration to the payment gateway will continue to function after the given deadline.
- However, if you run into any troubles while testing, please contact support@plugnpay.com, so we may work with you &/or your staff on the matter.
Addition Information:
- • Windows XP & Windows Server 2003 can not support TLS 1.1 or higher.
Solution: Switch to a newer version of Windows.
- • Windows Server 2008 SP2, Windows Embedded POSReady 2009 & Windows Embedded Standard 2009 can support TLS 1.1 & 1.2 after a registry change.
Solution: The "Easy Fix" in this Windows KB is said to fix the issue.
- • Windows 7 & Windows Server 2008 R2 SP1 can support TLS 1.1 & 1.2 after a registry change.
Solution: The "Easy Fix" in this Windows KB seems to do the trick.
- • Windows 8 & Windows Server 2012 can support TLS 1.1 & 1.2 after a registry change.
Solution: The "Easy Fix" in this Windows KB seems to do the trick.
- • To apply the registry subkey manually to the above systems, please click here for related instructions.
- • To see which versions of TLS your build of Windows can support, please click here for related information.
API Troubleshooting:
If you are having connectivity issues with API connections to the gateay, please attempt the below fixes in order.
Ensure you test your API's connectivity after each step.
- If you've modified your integration previously to use our test domain, ensure you've switched it back to 'pay1.plugnpay.com'.
The test domain is no longer availble, now that TLS 1.0 has been disabled gateway wide.
- If using gateway supplied DLLs or Shopping Cart modules, ensure you have the newest version installed.
Refer to the 'API & Cart' download section of your payment gateway account.
- Fully patch Windows (including all service packs) and upgrade to the newest version of Internet Explorer available.
This should be performed via the Windows Update feature on the affected system.
Repeat patching, until all updates have been applied.
Reboot after each around of patches, to ensure they activate properly in Windows.
- If using a version of windows that requires special adjustments to enable TLS 1.1 & 1.2 (see above), ensure you apply them accordingly.
Reboot after applying any fixes, to ensure they activate properly in Windows.
- Some clients reported the Easy Fix patches (see above) did not fully correct the underling issue for certain builds of Windows.
Manually applying the registry changes noted on the same page where the Easy Fix was obtained did the trick, after a reboot was applied.
- Some clients noted the Easy Fix & manual registry changes did not 100% fix the issue with certain desktop apps.
In those cases, following these steps finished correcting the underlying issue.
- login to Windows as the user the app will be run under
- open Internet Explorer (not Edge)
- go to the Tools menu & select Internet Options
- click on the Security tab & reset all the zones back to their default levels.
- click on the Privacy tab & reset the privacy level back to its default level.
- click on the Advanced tab & ensure the use TLS 1.1 & use TLS 1.2 options are selected within the security settings part of that window.
- click on the Apply button, then OK button, finally reboot
- Some clients reported using our DLLs with certain web service/scripts didn't work properly, until they configuring the DLL to run in 'client' or 'user' mode, instead of 'server' mode.
Further they applied the Internet Explorer adjustments above to the user of the 'client' or 'user' the DLL was being invoked as, so the internet options of that user could be inherited/used.
- Clients using certain .NET DLLs may also find this Windows KB information concerning TLS 1.1 & 1.2 support useful.