Reply
Member
Posts: 3
Registered: ‎06-21-2011

Sandbox URL to test TLS Update

I just turned our software into testing mode and processed a transaction which sent it to https://test.authorize.net/gateway/transact.dll that it was successful. This is the sandbox URL correct so we will be good when TSL is disabled?

Posts: 2,765
Topics: 57
Kudos: 251
Blog Posts: 67
Registered: ‎12-05-2011

Re: Sandbox URL to test TLS Update

@redbrad0 The endpoint https://test.authorize.net/gateway/transact.dll is now configured to only accept TLS 1.2 connections.

 

https://www.ssllabs.com/ssltest/analyze.html?d=test.authorize.net&latest

 

Richard

Member
Posts: 2
Registered: ‎07-20-2017

Re: Sandbox URL to test TLS Update

Hi Richard,

 

when I tried https://test.authorize.net/gateway/transact.dll and it is still accepting TLS1.0 and TLS1.1.

Though it only accept TLS1.2?

 

Thanks,

Binh.

Posts: 2,765
Topics: 57
Kudos: 251
Blog Posts: 67
Registered: ‎12-05-2011

Re: Sandbox URL to test TLS Update

Hello @binhaccount

 

I'm not sure what you are using to test, but according to SSL Labs we only support TLS 1.2.

 

Richard

 

 

Member
Posts: 2
Registered: ‎07-20-2017

Re: Sandbox URL to test TLS Update

Hi Richard,

We're using a very simple javax.jws.WebService Java program and sent a "AUTH_ONLY" request. I just another request using TLS1.0 and it went through

 <transactionId>40005473153</transactionId>

 

 

Posts: 2,765
Topics: 57
Kudos: 251
Blog Posts: 67
Registered: ‎12-05-2011

Re: Sandbox URL to test TLS Update

Hello @binhaccount

 

We would need to see the actual connection log of the data going over the wire showing the TLS negotiation to confirm.

 

Richard

Posts: 2,765
Topics: 57
Kudos: 251
Blog Posts: 67
Registered: ‎12-05-2011

Re: Sandbox URL to test TLS Update

@binhaccount 

 

We performed an extensive review of the logs for our sandbox environment, and had another team member validate the results as well.  We verified that there have been no transactions submitted to our test environment using TLS 1.0 or TLS 1.1.

 

Richard

Member
Posts: 1
Registered: ‎09-01-2017

Re: Sandbox URL to test TLS Update

The poster might be confused if he is using CURL and referring to the PHP7.0 documentation like i have.

 

It says:

One of CURL_SSLVERSION_DEFAULT (0), CURL_SSLVERSION_TLSv1 (1), CURL_SSLVERSION_SSLv2 (2), CURL_SSLVERSION_SSLv3 (3), CURL_SSLVERSION_TLSv1_0 (4), CURL_SSLVERSION_TLSv1_1 (5) or CURL_SSLVERSION_TLSv1_2 (6).

 

I tried setting 1 ( TLSv1 )and the authorization went through.

Setting 4 ( TLSv1_0 ) gave me a blank response.

Setting 6 ( TLSv1_2 ) gives me an authorization.
All other settings give me no response.

 

I imagine that setting 1 is trying to negotiate the highest version of TLS1.x.... this is not mentioned in the documentation but i imagine it's what's happening here.

 

All Star
Posts: 699
Registered: ‎11-03-2016

Re: Sandbox URL to test TLS Update

There's also a bug in curl 7.54.0 as detailed here. You think you're specifying one version of TLS and you're getting something else. That one personally wasted an hour of my time.

Member
Posts: 1
Registered: ‎11-12-2017

Re: Sandbox URL to test TLS Update

I just built the C# test code that's out on GitHub.  It throws a SSL/TLS exception when I try AuthroizeCreditCard... 'The request was aborted: Could not create SSL/TLS secure channel.'  I get this from the Sample Code appliction and from the CoffeeShopWebApp sample.  Is this sample code up to date with a new TLS configuration?