What is SSL and TLS?
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private and integral.
TLS (Transport Layer Security) provides secure communications on the Internet for things such as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains essentially the same.
Supported TLS on the Gateway
On 28 February 2017, Cardstream conducted a Service Security Update to remove support for legacy web browsers that use insecure encryption algorithms. From that date, Cardstream only allows connections to the Gateway from clients using a TLS v1.2 environment.
This applies to Merchants (and Cardholders) when accessing any of the below systems/features:
- Merchant Management System (including the Virtual Terminal);
- Hosted Form (including Pay Buttons); and
- Direct Integration.
Browser Support (for Merchants and Cardholders)
What browsers should be used?
Updating browsers to support TLS 1.2 is generally a “behind the scenes” task, and most users will not need to do anything. Most browsers, such as Mozilla Firefox and Google Chrome, are set to automatically update and therefore should already support TLS 1.2. Internet Explorer, on the other hand, may require you to download Windows Updates that will enable support for TLS 1.2.
The following browsers and versions will support TLS 1.2:
- Firefox version – 27 and above
- Chrome version – 30 and above
- Internet Explorer version – 11 and above
- Microsoft Edge
- Opera version – 17 and above
- Safari version – 7 and above
Click here to test TLS support in your default browser.
If your default browser does not support TLS 1.2, we advise you to update your browser settings and download the most recent updates. Once the updates have been processed and completed, TLS 1.2 support should be enabled.
Please note that this will not only affect Merchants. We advise Merchants to also advise their Customers to upgrade their web browsers to support secure protocols.
Server Configurations (for Merchants using the Direct Integration)
To ensure that the Merchant website will be able to communicate with the Gateway, Merchants should check that their servers are running an appropriate/supported version.
Linux Servers
For Linux servers, please check the following library versions and their associated links:
Library - libcurl
Minimum Version - 7.34.0
URL/s - http://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
Library - openssl
Minimum Version - 1.0.1
URL/s - https://www.openssl.org/
You may also need to check that your versions of Perl, PHP, cURL, etc. are up to date and/or have back-ported fixes installed in order to support usage of these libraries.
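One way to check a Linux server against the minimums above, as an added example that is not part of the original article or Cardstream's own tooling: the script parses the first line of `curl --version` and compares the libcurl and OpenSSL versions it reports with 7.34.0 and 1.0.1. The function names are illustrative.

```sh
#!/bin/sh
# Added example: compare `curl --version` output with the article's minimums.
MIN_LIBCURL="7.34.0"   # minimum libcurl version given in the article
MIN_OPENSSL="1.0.1"    # minimum openssl version given in the article

# version_ge A B: succeed when dotted version A >= B.
# Letter suffixes (the "e" in 1.0.1e, "-fips") are dropped before comparing.
version_ge() {
    a="$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0.0"
    b="$(printf '%s' "$2" | sed 's/[^0-9.].*$//').0.0.0"
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# status_for NAME FOUND MINIMUM: print one result line; non-zero unless OK.
status_for() {
    if [ -z "$2" ]; then
        echo "$1: not reported in the version line (minimum $3)"
        return 2
    fi
    if version_ge "$2" "$3"; then echo "$1 $2: OK (minimum $3)"; return 0; fi
    echo "$1 $2: TOO OLD (minimum $3)"
    return 1
}

# check_curl_line LINE: LINE is the first line printed by `curl --version`.
check_curl_line() {
    lc=$(printf '%s\n' "$1" | sed -n 's|.*libcurl/\([0-9][0-9.]*\).*|\1|p')
    os=$(printf '%s\n' "$1" | sed -n 's|.*OpenSSL/\([0-9][0-9a-z.]*\).*|\1|p')
    rc=0
    status_for libcurl "$lc" "$MIN_LIBCURL" || rc=1
    status_for OpenSSL "$os" "$MIN_OPENSSL" || rc=1
    return "$rc"
}

# Report on the curl binary installed on this server, if there is one.
if command -v curl >/dev/null 2>&1; then
    check_curl_line "$(curl --version | head -n 1)" ||
        echo "Review the versions above before relying on TLS 1.2."
fi
```

Distribution packages with back-ported fixes keep the older upstream version number, so treat a TOO OLD result as a prompt to check the package changelog. An OpenSSL "not reported" result means curl was built against a different TLS library, which this version comparison does not cover.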
Windows Servers
For Windows servers, please check the following applications and their associated links:
Application - IIS
Minimum Version - 7.5
URL/s - http://www.g-sec.lu/sslharden/SSL_comp_report2011.pdf
Application - Windows
Minimum Version - XP SP3
URL/s - https://technet.microsoft.com/library/security/ms12-006
Application - asp.net
Minimum Version - 4.5
URL/s - https://www-01.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q120380_.htm
If a Merchant has a server not running on Linux or Windows, please contact Support for further assistance.