Transport Layer Security (TLS) is an encryption protocol used to communicate between systems, which superseded the Secure Sockets Layer (SSL) protocol in 2000. TLS v1.0 has in turn been superseded by TLS v1.1, TLS v1.2 and TLS v1.3.
Per PCI DSS v3.1 and v3.2, SSL and early TLS (TLS v1.0 or TLS v1.1) are no longer considered strong encryption protocols, due to vulnerabilities in these protocols for which there are no fixes. TLS v1.2 and TLS v1.3 are currently PCI compliant.
Customers are required to support at least TLS v1.2 for their connection to the Open Payment Platform. TLS v1.0 and v1.1 have been disabled since 2018. Customers who do not support at least TLS v1.2 will no longer be able to connect to the service. The list of ciphers that are supported is available below. Customers need to support one of the available ciphers from this list to continue connecting to the Open Payment Platform.
TLS v1.0 and TLS v1.1 are disabled for all online business tools and for the eSupport portal. Customers are required to use a TLS v1.2 or TLS v1.3 compatible browser to ensure they can continue to access our online tools. It is recommended to choose TLS v1.3, as tests have shown that it can be up to 15% faster on the TLS handshake.
If your connection to the Open Payment Platform uses TLS v1.1 or earlier, you will need to update your own systems to ensure that you are connecting using TLS v1.2 or TLS v1.3. Due to the vulnerabilities in older protocols, it is suggested that these changes are made as soon as possible. Below is a list of ciphers that are supported. Your organization will need to verify that your systems support one of the available ciphers from this list to continue connecting to the Open Payment Platform.
TLS v1.3 (suites in server-preferred order)
TLS v1.2 (suites in server-preferred order)
If your organization is not able to upgrade to TLS v1.2 or TLS v1.3, the service will no longer be able to connect to the Open Payment Platform. It is suggested that your organization test transactions in the UAT environment. Testing will confirm whether your connection is successful.
If you are using TLS v1.2 for communication, the cipher suite compatibility needs to be verified (see above). If your organization is already connecting to the Open Payment Platform using TLS v1.3, and already using a TLS v1.3 compatible browser, no action should be required.
Every application implements ciphers and TLS versions differently.
List of unsupported server-to-server connections (merchant configuration):
Recommended action: test from your test system (the call needs to come from the library/software you use on your system to connect to the Open Payment Platform). If you do not have a test system, please integrate a test call in your Production system towards https://eu-test.oppwa.com/ (Open Payment Platform UAT Environment) and see if it is successful. If you can connect, the next step is to update the Production system's domain to https://eu-prod.oppwa.com/
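One way to run the recommended test call when the integration is written in Python, given as an added example that is not part of the original page or the platform's own code. The function names are hypothetical, and SAMPLE_GATEWAY_SUITES is constructed sample input to be replaced with the published cipher list.

```python
import socket
import ssl

# Constructed sample input, NOT the platform's cipher list: replace with the
# suites your provider publishes (OpenSSL naming for TLS v1.2 suites).
SAMPLE_GATEWAY_SUITES = {"TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384"}
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def build_client_context():
    """Client context that refuses to negotiate below TLS v1.2."""
    ctx = ssl.create_default_context()  # certificate + hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def common_suites(ctx, gateway_suites):
    """Suites this client offers that the gateway accepts, in client order."""
    return [c["name"] for c in ctx.get_ciphers() if c["name"] in gateway_suites]


def meets_policy(version, cipher, gateway_suites):
    """True if a negotiated (version, cipher) pair satisfies the requirement."""
    return version in ALLOWED_VERSIONS and cipher in gateway_suites


def probe(host, port=443, timeout=10):
    """Handshake with host; return (protocol version, cipher suite name)."""
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    ctx = build_client_context()
    print("offered and accepted:", common_suites(ctx, SAMPLE_GATEWAY_SUITES))
    try:
        version, cipher = probe("eu-test.oppwa.com")  # UAT host named above
        print(version, cipher, "ok" if meets_policy(
            version, cipher, SAMPLE_GATEWAY_SUITES) else "check cipher list")
    except OSError as exc:  # covers DNS, TCP and ssl.SSLError failures
        print("handshake failed:", exc)
```

The result reflects the OpenSSL build linked into the Python interpreter that runs it, so run it on the same host and runtime as the payment integration.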
List of unsupported browser configurations (shopper):