I just turned our software into testing mode and processed a transaction which sent it to https://test.authorize.net/gateway/transact.dll that it was successful. This is the sandbox URL correct so we will be good when TSL is disabled?
โ05-06-2017 03:56 PM
@redbrad0 The endpoint https://test.authorize.net/gateway/transact.dll is now configured to only accept TLS 1.2 connections.
https://www.ssllabs.com/ssltest/analyze.html?d=test.authorize.net&latest
Richard
โ05-06-2017 06:09 PM
Hi Richard,
when I tried https://test.authorize.net/gateway/transact.dll and it is still accepting TLS1.0 and TLS1.1.
Though it only accept TLS1.2?
Thanks,
Binh.
โ07-20-2017 10:43 AM
Hello @binhaccount
I'm not sure what you are using to test, but according to SSL Labs we only support TLS 1.2.
Richard
โ07-20-2017 10:56 AM
Hi Richard,
We're using a very simple javax.jws.WebService Java program and sent a "AUTH_ONLY" request. I just another request using TLS1.0 and it went through
<transactionId>40005473153</transactionId>
โ07-20-2017 01:48 PM
Hello @binhaccount
We would need to see the actual connection log of the data going over the wire showing the TLS negotiation to confirm.
Richard
โ07-20-2017 02:35 PM
We performed an extensive review of the logs for our sandbox environment, and had another team member validate the results as well. We verified that there have been no transactions submitted to our test environment using TLS 1.0 or TLS 1.1.
Richard
โ07-21-2017 09:20 AM
The poster might be confused if he is using CURL and referring to the PHP7.0 documentation like i have.
It says:
One of CURL_SSLVERSION_DEFAULT (0), CURL_SSLVERSION_TLSv1 (1), CURL_SSLVERSION_SSLv2 (2), CURL_SSLVERSION_SSLv3 (3), CURL_SSLVERSION_TLSv1_0 (4), CURL_SSLVERSION_TLSv1_1 (5) or CURL_SSLVERSION_TLSv1_2 (6).
I tried setting 1 ( TLSv1 )and the authorization went through.
Setting 4 ( TLSv1_0 ) gave me a blank response.
Setting 6 ( TLSv1_2 ) gives me an authorization.
All other settings give me no response.
I imagine that setting 1 is trying to negotiate the highest version of TLS1.x.... this is not mentioned in the documentation but i imagine it's what's happening here.
โ09-01-2017 09:35 PM
There's also a bug in curl 7.54.0 as detailed here. You think you're specifying one version of TLS and you're getting something else. That one personally wasted an hour of my time.
โ09-05-2017 01:38 PM
I just built the C# test code that's out on GitHub. It throws a SSL/TLS exception when I try AuthroizeCreditCard... 'The request was aborted: Could not create SSL/TLS secure channel.' I get this from the Sample Code appliction and from the CoffeeShopWebApp sample. Is this sample code up to date with a new TLS configuration?
โ11-12-2017 10:16 AM