Hi,
I received an email about "Important TLS 1.0 Disablement".
1- We are using Authorize.Net on our Joomla / PHP website.
Our website is hosted on Windows Server 2012 R2.
To verify my changes I set up a sandbox and test server, but the sandbox doesn't respond to any test transaction.
What updates should be done from our side to make the website work with Authorize.net?
Thanks.
02-08-2018 07:26 AM
Hi @msamama2018
Please have a look at our TLS 1.2 FAQs https://support.authorize.net/authkb/index?page=content&id=A1623
Reach out to our CS teams at 1.877.447.3938 if you need more information.
Thanks
02-08-2018 11:23 AM - edited 02-08-2018 11:23 AM
As a start you could create a simple function to check the status of your server's TLS:
    using System;
    using System.Net;
    using System.IO;

    namespace howsMySSL
    {
        public partial class Default : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e)
            {
                // Offer TLS 1.2, 1.1 and 1.0 so the response shows the highest version the server negotiates.
                System.Net.ServicePointManager.SecurityProtocol =
                    SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

                // howsmyssl.com reports what the client side of the connection offered and negotiated.
                var response = WebRequest.Create("https://www.howsmyssl.com/a/check").GetResponse();
                var responseData = new StreamReader(response.GetResponseStream()).ReadToEnd();
                Response.Write(responseData);
            }
        }
    }

Or with PHP:

    <?php
    // Ask howsmyssl.com which TLS version this server's cURL negotiates.
    $ch = curl_init('https://www.howsmyssl.com/a/check');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $data = curl_exec($ch);
    curl_close($ch);

    $json = json_decode($data);
    echo $json->tls_version;

The JSON response should show something like the following:
{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_3DES_EDE_CBC_SHA"],"ephemeral_keys_supported":true,"session_ticket_supported":true,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_splitting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"}
If the tls_version is less than TLS 1.2, then some server configuration needs to be addressed (with Windows 2012, this shouldn't be the case), else you can then check your cURL / OpenSSL / NSS version with the following:

    <?php
    // Print the TLS library and version that cURL was built against.
    $curl_info = curl_version();
    echo $curl_info['ssl_version'];

OpenSSL includes support for TLS v1.2 in OpenSSL 1.0.1
NSS included support for TLS v1.2 in 3.15
02-09-2018 04:22 AM
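The version check described in the post above can be automated. The following is an added example, not code from the thread or from Authorize.Net: the function name tls12_capable and the sample strings are made up for illustration, and the minimum versions are the two quoted in the post (OpenSSL 1.0.1, NSS 3.15). A capable library only shows that TLS 1.2 is possible; the howsmyssl check above shows what is actually negotiated.

```php
<?php
// Added example, not from the original thread. Minimum versions are the ones
// quoted in the post above: OpenSSL 1.0.1 and NSS 3.15.
const TLS12_MINIMUMS = ['OpenSSL' => '1.0.1', 'NSS' => '3.15'];

/**
 * Decide from a curl_version()['ssl_version'] string whether the TLS backend
 * can negotiate TLS 1.2. Returns true/false, or null for a backend this
 * example has no minimum for (check that backend's documentation).
 */
function tls12_capable(string $sslVersion): ?bool
{
    // Typical values look like "OpenSSL/1.0.1e" or "NSS/3.14.3".
    if (!preg_match('~^([A-Za-z]+)/(\d+(?:\.\d+)*)~', trim($sslVersion), $m)) {
        return null; // no "name/version" pair to compare
    }
    [, $backend, $version] = $m;
    foreach (TLS12_MINIMUMS as $name => $minimum) {
        if (strcasecmp($backend, $name) === 0) {
            // Letter suffixes ("1.0.1e") are patch levels; the numeric part decides.
            return version_compare($version, $minimum, '>=');
        }
    }
    return null;
}

// Constructed sample strings, not taken from any real server.
$samples = [
    'OpenSSL/0.9.8zh', 'OpenSSL/1.0.0t', 'OpenSSL/1.0.1e',
    'NSS/3.14.3', 'NSS/3.15', 'GnuTLS/3.5.8',
];
if (function_exists('curl_version')) {
    $samples[] = curl_version()['ssl_version']; // this machine's real value
}

foreach ($samples as $s) {
    $r = tls12_capable($s);
    $verdict = $r === null ? 'unknown backend' : ($r ? 'TLS 1.2 capable' : 'too old for TLS 1.2');
    printf("%-20s %s\n", $s, $verdict);
}
```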
We have updated our server for TLS 1.2... The changes were tested and working successfully as applications on this machine are calling UPS API, who have already enforced TLS 1.2... However, we are still worried as we are using an old DLL from Authorize.Net for Asp.Net framework 2.0 named ETransact.dll (version 1.0.2307)... We doubt that DLL may have issues in making TLS 1.2 connection...
The DLL allows switching between test/live modes... I performed a payment in the test mode, which was successful... But I am not sure, when I am making a payment in the test mode, then I am hitting the sandbox URL to test TLS 1.2, or I need to hit some other endpoint... And, if I need to hit some other endpoint, then what choices do I have... I can not change the service endpoint within DLL...
Thanks
Arvind
02-12-2018 04:11 AM
You should know completely the functionality of any DLLs that your application is using, especially one as old as that. One way is to decompile the DLL and see exactly what is happening and, if need be, rewrite it to suit your purposes.
If you must use the SDK, it would be recommended to upgrade to the newest version.
02-12-2018 05:11 AM
I decompiled the DLL, and found that it is hitting the following URL in Live mode:
https://secure.authorize.net/gateway/transact.dll
and the following URL in Test mode:
https://certification.authorize.net/gateway/transact.dll
The sandbox URL provided by Authorize.Net to test TLS 1.2 is:
https://test.authorize.net/gateway/transact.dll
I can not make changes to the dll to hit the sandbox URL provided by Authorize.Net to test TLS 1.2... What option do I have for performing the test?
Thanks
Arvind
02-13-2018 12:49 AM
Build your own DLL that calls the correct API endpoint or use the newest version of the SDK.
02-13-2018 12:54 AM
What is the recommended way to post to API endpoint... Is it essential to build a DLL... Can we write the code, which directly performs the post to API endpoint... Are there any guidelines available?
02-13-2018 01:47 AM
Yes, you can write the code that posts directly to the endpoint, in many cases that is the better solution.
02-13-2018 02:12 AM
Are there any guidelines available to perform post directly from the code... And, is there a sample code available in asp and asp.net to post directly...
Thanks
Arvind
02-13-2018 04:01 AM