TLS/Cipher Suite Uplift
Frequently Asked Questions
What is TLS?
Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems – you and Realex. It is used to authenticate one or both systems and protect the confidentiality and integrity of information that passes between systems.
Why are you ending support for TLS 1.0, 1.1 and uplifting cipher suite?
In order to continue to adhere to Security best practice regarding strong cryptography standards.
What is being updated and when?
Full details of upgrades taking place and relevant dates are listed at the end of this page.
How can I protect my company?
Migrating to TLS 1.2 is the only reliable method to ensure to continue to protect your business from emerging TLS protocol vulnerabilities.
How do I find out if my payments will continue to process after the removal of TLS 1.0, 1.1 and the weaker ciphers?
You or your developer will need to ensure you can process test transactions in our sandbox environment to verify you can successfully connect to Realex prior to the TLS/cipher suite change.
I take payments over the phone only using the Virtual Terminal or RealControl – Does this affect me?
All major up-to-date browsers will support TLS 1.2 and stronger ciphers. If you use our hosted applications, e.g. the Virtual Terminal or Real Control, we do not anticipate any interruption to your ability to access our services however you must verify you are using an up to date browser version (see table below for supported browsers).
I use the Hosted Payment Page to process my transactions. Will this affect my customers?
All major up-to-date browsers will support TLS 1.2 and stronger ciphers. With this in mind, we do not anticipate any interruption to your customers’ ability to access the payment screen as long as their browser is up to date(see table below for supported browsers).
|Google Chrome version 30+|
|Google Android OS browser version 4.1+||For the Android SDK, version 4.4+ is needed|
|Mozilla Firefox version 24+|
|Microsoft IE version 8+ (EXCLUDING Windows Vista, XP and earlier). Must be on Windows 7 or higher.||Note: With IE 8 and 9 – TLS 1.2 is disabled by default.|
|Microsoft IE Mobile Version 10+|
|Opera version 17+|
|Apple Safari version 7+|
|Apple Safari version 5+ (on IOS 5+)|
I’m using a Shopping Cart platform – Does this affect me?
If your website is fully hosted and maintained by your shopping cart provider, e.g. Shopify or ekmPowershop; we have contacted the most popular fully hosted carts to coordinate the changeover with them. However, we strongly advise you contact them yourself to ensure they are aware of these changes.
If a 3rd Party developer or agency manages your shopping cart and website, please ensure to contact them to notify them of this change and to ensure your site is ready in time.
If you or an in-house developer manages the hosting and maintenance of your shopping cart and website, please contact them and your hosting company to notify them of this change and to ensure your site is ready in time.
What is being updated and when?
Test Environment – 2nd March 2017
We are upgrading the test environment first so that you can test your system before we make the updates in the live environment. These upgrades will apply to the below Realex Payments Sandbox URLs and Ciphers listed at the end of this guide. Test cards are located on our Developer Hub.
|Hosted Payment Page 2||https://epage.sandbox.payandshop.com/epage.cgi1
1If you connect to Realex Payments using the https://epage.payandshop.com/epage.cgi URL – you must ensure you can successfully process test transactions on the below URL:
2 If you are accepting card details via HPP (Hosted Payment Page) – you will also need to ensure that your system has the ability to accept a HPP transaction response back from Realex Payments using TLS version 1.2 and one of the Ciphers listed above.
Live Environment Phase 1 Upgrades – Virtual Terminal and Real Control – 13th April 2017
We will be upgrading the Virtual Terminal and RealControl. From this date, the below URLs will support only TLS 1.2 and the 6 Recommended/Supported ciphers listed above.
The updates will apply to the following Realex Payments URLs:
Live Environment Phase 2 Upgrades – Hosted Payment Page and API – 8th August 2017
a) Hosted Payment Page:
We will be upgrading the Hosted Payment Page. The updates will apply to the following Realex Payments URLs:
Please note – If you are processing payments using our Hosted Payment Page (HPP), please ensure to carefully read the additional testing notes above regarding HPP. In order to ensure you can continue to process payments before and after the upgrade, you should enable TLS 1.2 and the new cipher suites while leaving the TLS version and cipher suites you currently support in place until we have made the uplift, on 8th August 2017. After the uplift is made, TLS 1.0 and 1.1 and any unnecessary ciphers can be removed.
We will be upgrading our API. The updates will apply to the following Realex Payments URLs:
If you are using our API integration, in order to ensure you can continue to process payments before and after the upgrade, you will need to enable new cipher suites and leave the current ones in place until we have made the uplift, on 8th August 2017. After the uplift is made, the additional ciphers can be removed.
From 8th August 2017, our Hosted Payment Page and API will support only TLS 1.2 and the 6 Recommended/Supported ciphers listed below.
Cipher Suite Uplift
Along with the discontinuation of support of TLS 1.0 and 1.1, this upgrade will also include the uplift of the cipher suite used for encryption. The table below outlines the Recommended and Supported Ciphers which will be available after the upgrade is completed.