-
Open Firefox.
-
In the URL/address bar, type about:config and press Enter.
-
In the Search field, enter tls. Locate and double-click the entry for security.tls.version.min.
-
Set the Integer Value to 3 to enable support for TLS 1.2.
-
Click OK
-
Close your browser and restart Mozilla Firefox.
TLS 1.0/1.1 Deactivation Deadline Extended
In an effort to provide additional time to our customers to ensure TLS 1.2 readiness, we have extended the timeline for accepting TLS 1.0 and TLS 1.1 communications until June 18th, 2018. After this date, we will no longer support communications made with the TLS 1.0 and TLS 1.1 protocols. Please ensure that you are prepared for this new cut-off date by referring to the How the Upgrade Impacts You section below.
What is TLS?
The Transport Layer Security (TLS) protocol encrypts and authenticates the data that is passed between communicating applications and their end users. For example, when you enter your login credentials on a website, TLS prevents a third-party from stealing the information that is exchanged during the login process.
Why Upgrade?
The PCI (Payment Card Industry) Security Standards Council, which defines security and safety rules for the payments industry, no longer considers TLS 1.0 and TLS 1.1 to be a secure form of encryption because it is vulnerable to various types of attacks. As a result, all service providers and merchants who process or transmit credit card data must take the necessary measures to ensure that their systems and applications are upgraded to accept the TLS 1.2 protocol.
For additional information on TLS and and the risks that are present when using TLS versions 1.0 and 1.1, please refer to the PCI Security Standards Council’s Information Supplement on Migrating from SSL and Early TLS.
How is TLS Used at CardConnect?
When communications take place with CardConnect's systems and applications, the TLS protocol works to encrypt and/or authenticate the following types of information:
- Cardholder Data
- Communications from a merchant's server to CardConnect's APIs
- Personally Identifiable Information (PII) of buyers
- Application Login Data
Confirming TLS Readiness
We will be deactivating TLS 1.0 and TLS 1.1 traffic in our UAT environments on the following dates:
- October 16th (9am-5pm EST)
- November 13th (9am EST) through November 15th (5pm EST)
- December 4th (9am EST) through December 6th (5pm EST)
- January 22nd (9am EST) through January 24th (5pm EST)
- February 12th (9am EST) through February 14th (5pm EST)
- February 26th (9am EST) through February 28th (5pm EST)
TLS 1.0 and TLS 1.1 UAT Deactivation
We will be permanently deactivating support for TLS 1.0 and TLS 1.1 on March 15, 2018. Please ensure you have tested your systems for TLS 1.2 readiness prior to this date.
CardPointe and CoPilot Users
If you are a CardPointe and/or CoPilot user, it is important to ensure that your web browsers are up-to-date. Most browsers have supported TLS 1.2 for some time, but if you haven't updated your browser to the latest version, then you may be impacted by this upgrade.
Please refer to the Web Browser Support section of this page to verify whether your browser(s) is supported by TLS 1.2.
Java Support
If you run one of the following versions of Java, it is important that you take action before March 31st, 2018 to continue to communicate with CardConnect's services.
Java Version | Details |
JDK/JRE 7 Client | Yes, but support for TLS 1.2 must be enabled. |
| JDK/JRE 7 Server and above | TLS 1.2 enabled by default. |
JDK/JRE 6 and below | No TLS 1.2 support. |
ASP/.NET Support
TLS Support varies based on your Windows Kernel
- Uses a crypto library called Microsoft Secure Channel (Schannel)
Oracle E-Business Suite Users
These security enhancements will require the deployment of a new CardConnect codebase in your Oracle EBS environment. CardConnect will contact you regarding the deployment of the new code as well as the added functionality included in this release.
Additionally, it is important that you apply the appropriate Oracle patch depending on the version of Oracle EBS that you are using, as indicated below:
| Version | Details |
| Oracle E-Business Suite 12.1 | Oracle EBS Suite 12.1 users must install the following Oracle patch to ensure TLS 1.2 support. (Doc ID 376700.1) |
| Oracle E-Business Suite 12.2 | Oracle EBS Suite 12.2 users must install the following Oracle patch to ensure TLS 1.2 support. (Doc ID 1367293.1) |
SAP Users
Please refer to the table below for details based on your SAP version:
SAP Version | Details |
SAP RFC (TCP/IP) | SNC Enabled:
SNC Not Enabled:
|
SAP RFC (HTTP connection to External Server) |
|
SAP PI |
|
CardPointe Integrated Terminal
CardPointe Integrated Terminals are not impacted by the upgrade to TLS 1.2. If you are a Terminal API user, please refer to the CardPointe Integrated Terminal and API/Gateway section for additional information.
Web Tokenizer
The Web Tokenizer is not impacted by the upgrade to TLS 1.2.
iFrame Tokenizer
The iFrame Tokenizer is not impacted by the upgrade to TLS 1.2.
Desktop Tokenizer
Refer to the table below to determine if action is required on your part based on your version of the .NET framework.
| .NET Framework Version | Details |
|---|---|
| 4.0 |
|
| 4.5 + |
|
Download and Configure the Desktop Tokenizer
To download the latest version of Desktop Tokenizer, click here. The zip file contains the following files:
| File Name | Details |
| ccs.exe | The new version of the Desktop Tokenizer application. |
| cs.ini | The Desktop Tokenizer configuration file. |
| ccpanpad.dll | The new Dynamic Link Library. |
For details on testing the new application, refer to the section Testing a New Application.
Note: The configuration settings within your existing cs.ini file should be ported over to the new cs.ini file that is included in the Desktop Tokenizer .zip file that you downloaded.
Download and Configure PANpadUp
To download the latest version of PANpadUp, click here. The zip file contains the following files:
| File Name | Details |
| ppu.exe | The new version of the PanPadUp application. |
| ppu.ini | The PanPad application configuration file. |
For details on testing the new application, refer to the section Testing a New Application.
Note: The configuration settings within your existing ppu.ini file should be ported over to the new ppu.ini file that is included in the PANpadUp .zip file that you downloaded.
DLL
Refer to the table below to determine if action is required on your part based on your version of the .NET framework.
| .NET Framework Version | Details |
|---|---|
| 3.5.1 |
|
| 4.0 |
|
| 4.5 + |
|
Testing a New Application
Upon updating to the new version of Desktop Tokenizer, PANpadUp, or DLL, we recommend a full regression test of the new applications in your environment in order to ensure compatibility of all implemented changes for TLS 1.2 support. This includes all required tokenization scenarios in UAT (User Acceptance Testing) and Production.
Support of TLS 1.2 is strongly correlated to which .NET version is running within the Windows environment. Please coordinate with a network administrator to verify and confirm that the .NET version supports TLS 1.2. If running .NET 4.0, then an update to .NET 4.5 will be required.
If testing is executed with either the Desktop Tokenizer or PanPadUp while running a .NET version that does not support TLS 1.2, then the CardConnect application will prompt the user with the appropriate action before any testing can proceed.
Google Chrome
| If Your Chrome Version is.. | And You Are Running on one of these Operating Systems.. | Then... |
| v1 through 29 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android - iOS 9 and up - Chrome OS | Your web browser is not supported by TLS 1.2 and must be updated. |
| v30 through 58 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android - iOS 9 and up - Chrome OS | Your web browser is supported. |
Google Android OS Browser
| If Your Google Android OS Version is.. | And You Are Running on this Operating System.. | Then... |
| v1 through v4.0.4 | Android | Your web browser is not supported by TLS 1.2 and must be updated. |
| v4.1 through v4.4.4 | Android | You must enable support for TLS 1.2 in your browser. |
| v5 through v8 | Android | Your browser supports TLS 1.2. |
Mozilla Firefox
| If Your Mozilla Firefox Version is.. | And You Are Running on one of these Operating Systems.. | Then... |
| v1 through v23 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android 4.0.3 and up - iOS 9.0 and up | Your web browser is not supported by TLS 1.2 and must be updated. |
| v24 through v26 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android 4.0.3 and up - iOS 9.0 and up | You must enable support for TLS 1.2 in your browser. |
| v27 through v54 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android 4.0.3 and up - iOS 9.0 and up | Your browser supports TLS 1.2. |
Mozilla Firefox ESR
| If Your Mozilla Firefox ESR Version is.. | And You Are Running on one of these Operating Systems.. | Then... |
| v10 through v17.0.10 | - Windows XP SP2 and up - Mac OS X 10.9 and up - Linux | Your web browser is not supported by TLS 1.2 and must be updated. |
| v24 through v24.1.1 | - Windows XP SP2 and up - Mac OS X 10.9 and up - Linux | You must enable support for TLS 1.2 in your browser. |
| v31 through v52.1 | - Windows XP SP2 and up - Mac OS X 10.9 and up - Linux | Your browser supports TLS 1.2. |
Enabling TLS 1.2 Support in Mozilla Firefox Browsers
If you are using Mozilla Firefox versions 24 through 26, follow the steps below to enable support for TLS 1.2:
Your browser is now ready to support the TLS 1.2 protocol.
Microsoft Internet Explorer
| If Your Internet Explorer Version is.. | And You Are Running on this Operating System.. | Then... |
| IE8 | Windows XP | Your web browser is not supported by TLS 1.2 and must be updated. |
| IE8 | Windows Server 2003 | Your web browser is not supported by TLS 1.2 and must be updated. |
| IE8 | Windows Vista | Your web browser is not supported by TLS 1.2 and must be updated. |
| IE8 | Windows 7 | You must enable support for TLS 1.2 in your browser. |
| IE8 | Windows Server 2008 | Your web browser is not supported by TLS 1.2 and must be updated. |
| IE8 | Windows Server 2008 R2 | You must enable support for TLS 1.2 in your browser. |
| IE9 | Windows Vista | Your web browser is not supported by TLS 1.2 and must be updated. |
| IE9 | Windows 7 | You must enable support for TLS 1.2 in your browser. |
| IE9 | Windows Server 2008 | Your web browser is not supported by TLS 1.2 and must be updated. |
| IE9 | Windows Server 2008 R2 | You must enable support for TLS 1.2 in your browser. |
| IE10 | Windows 7 | You must enable support for TLS 1.2 in your browser. |
| IE10 | Windows 8 | You must enable support for TLS 1.2 in your browser. |
| IE10 | Windows Server 2008 R2 | You must enable support for TLS 1.2 in your browser. |
| IE10 | Windows Server 2012 | You must enable support for TLS 1.2 in your browser. |
| IE11 | Windows 7 | Your browser supports TLS 1.2. |
| IE11 | Windows Server 2008 R2 | Your browser supports TLS 1.2. |
| IE11 | Windows 8.1 | Your browser supports TLS 1.2. |
| IE11 | Windows Server 2012 R2 | Your browser supports TLS 1.2. |
Enabling TLS 1.2 Support in Internet Explorer Browsers
If you are using Internet Explorer 8, 9, or 10, follow the steps below to enable support for TLS 1.2:
-
Open Internet Explorer and click Tools > Internet Options.
-
Select the Advanced tab.
-
Check the boxes next to TLS 1.1 and TLS 1.2 to enable support for these protocols.
-
Uncheck the box next to SSL 3.0 to disable this setting.
-
Click Apply and OK.
-
Close your browser and restart Internet Explorer.
Your browser is now ready to support the TLS 1.2 protocol.
Microsoft Internet Explorer Mobile
| If Your Internet Explorer Mobile Version is.. | And You Are Running on this Operating System.. | Then... |
| v7 | - Windows Phone 7 - Window Phone 7.5 - Window Phone 7.8 | Your web browser is not supported by TLS 1.2 and must be updated. |
| v9 | - Windows Phone 7 - Window Phone 7.5 - Window Phone 7.8 | Your web browser is not supported by TLS 1.2 and must be updated. |
| v10 | Windows Phone 8 | You must enable support for TLS 1.2 in your browser. |
| v11 | Windows Phone 8.1 | Your browser supports TLS 1.2. |
Microsoft Edge
| If Your Microsoft Edge Version is.. | And You Are Running on this Operating System.. | Then... |
| v12 | Windows 10 v1507 | Your browser supports TLS 1.2. |
| v13 | Windows 10 v1511 | Your browser supports TLS 1.2. |
| v14 | Windows 10 v1607 | Your browser supports TLS 1.2. |
| v15 | Windows 10 v1703 | Your browser supports TLS 1.2. |
| v16 | Windows 10 v1709 | Your browser supports TLS 1.2. |
Opera
| If Your Opera Version is.. | And You Are Running on one of these Operating Systems.. | Then... |
| v1 through v9 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android 4.0 and up | Your web browser is not supported by TLS 1.2 and must be updated. |
| v10 through v12.17 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android 4.0 and up | You must enable support for TLS 1.2 in your browser. |
| v12.18 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android 4.0 and up | Your browser supports TLS 1.2. |
| v14 through v16 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android 4.0 and up | Your web browser is not supported by TLS 1.2 and must be updated. |
| v17 through v45 | - Windows 7 and up - Mac OS X 10.9 and up - Linux - Android 4.0 and up | Your browser supports TLS 1.2. |
Enabling TLS 1.2 Support in Opera Browsers
If you are using Opera versions 10 through 12.17, follow the steps below to enable support for TLS 1.2:
-
Open Opera.
-
Click Ctrl plus F12.
-
Scroll down to the Network section and click Change proxy settings...
-
Select the Advanced tab.
-
Scroll down to the Security section and check check the boxes next to Use TLS 1.1 and Use TLS 1.2.
-
Click Ok.
-
Close your browser and restart Opera.
Your browser is now ready to support the TLS 1.2 protocol.
Apple Safari
| If Your Safari Version is.. | And You Are Running on one of these Operating Systems.. | Then... |
| v1 | - Mac OS X 10.2 and up | Your web browser is not supported by TLS 1.2 and must be updated. |
| v2 through v5 | - Mac OS X 10.4, 10.5, 10.6, 10.7 - Windows XP | Your web browser is not supported by TLS 1.2 and must be updated. |
| v6 | - MAC OS X 10.8 | Your web browser is not supported by TLS 1.2 and must be updated. |
| v7 through v10 | - Mac OS X 10.9, 10.10, 10.11, 10.12, 10.13 - iOS 1.0 and up | Your browser supports TLS 1.2. |
| v3 through v5 (iOS 3 and 4) | - Mac OS X 10.2 and up - iOS 1.0 and up | Your web browser is not supported by TLS 1.2 and must be updated. |
| v5 (iOS 5 and 6) through v10 | - Mac OS X 10.2 and up - iOS 1.0 and up | Your browser supports TLS 1.2. |
Apple Safari Mobile
| If Your Safari Mobile Version is.. | And You Are Running on one of these Operating Systems.. | Then... |
| v3 | iOS 1 iOS 2 | Your web browser is not supported by TLS 1.2 and must be updated. |
| v4 through v5 | iOS iOS 4 | Your web browser is not supported by TLS 1.2 and must be updated. |
| v5 through v6 | iOS 5 iOS 6 | Your browser supports TLS 1.2. |
| v7 | iOS 7 | Your browser supports TLS 1.2. |
| v8 | iOS 8 | Your browser supports TLS 1.2. |
| v9 | iOS 9 | Your browser supports TLS 1.2. |
| v10 | iOS 10 | Your browser supports TLS 1.2. |
| v11 | iOS 11 | Your browser supports TLS 1.2. |
Cryptographic Library Support
The following libraries do not support TLS 1.2:
- SChannel XP / 2003
- SChannel Vista / 2008
- SChannel 8 / 2012
- Secure Transport OS X 10.2-10.8 / iOS 1-4
Configuring Windows SChannel Settings
If you are using a version of Windows SChannel that is compatible with TLS 1.2 and are unsure how to configure your client-side settings to ensure TLS compliance, a 3rd-party tool exists that can be used to help you enable or disable various system-wide options. For more information, click here.
CardConnect is not affiliated with this vendor. We are simply providing you with this information to further assist you in achieving TLS 1.2 compliance.
