TLS Upgrade Warning
In order to improve our security on services, PAYSBUY would like to inform that on February 28, 2017, we will only be supporting TLS 1.2 and we will no longer support SSL 3.0 or any earlier versions. We do currently support all TLS versions, but at the end of February 2017 our systems will no longer support TLS 1.0 or TLS 1.1. Any older browsers or API clients that do not support TLS 1.2 will no longer work after this date. Merchants and users have to update Internet browser and API Code to the latest version to support TLS 1.2.
What is TLS 1.2?
TLS 1.2 is a protocol that provides privacy and data security in the transmission of confidential information between users and service providers by encryption. TLS 1.2 is widely accepted by banks and financial institutions. Typically, data that communicates on the internet is not safe and easy to attack. We have to update to TLS 1.2 in order to protect sensitive data such as credit card information from third parties.
Why are we making this change?
The Bank of Thailand sets the rules on which technologies are acceptable for use in transmitting sensitive data. They have explicitly identified TLS 1.0 as no longer being a strong form of encryption because it is vulnerable to many known attacks.
How do I know if I’m affected?
Most browsers have supported TLS for at least the last few years such as Google chrome, Firefox, Internet Explorer, so end-users are unlikely to be affected by this change. The biggest impact is likely to be felt by API users with very old libraries.
A comprehensive list of support is available here: https://www.ssllabs.com/ssltest/clients.html
How to Test a browser:
- Point your browser tohttps://www.howsmyssl.com
- You should see test result;
- If you see “Your SSL client is Probably OK”, then you have successfully connected and are all set
- If not, then you will need to upgrade your browser.
How to Test an API:
- Point your browser to https://www.howsmyssl.com/a/check
- You should expect to see a 200 – Connection OK response, along with a JSON string with the tls_version at the end.
- If you see "tls_version":"TLS 1.2" at the end of the JSON then you are OK
- If you see any other TLS version then you will need to update your API or server.
API Library Support
หากคIf you have code that connects with the Paysbuy API, you must ensure that it will continue to work after 28 February 2017. Each language and library is different, but we’ve identified the popular ones that may be of concern.
These languages will need significant changes/upgrades in order to work:
- Java 6u45 / 7u45
- .NET before 4.5 (does not support TLS 1.2)
- .NET 4.5 (must be have setting changed to explicitly enable TLS 1.2)
- OpenSSL 0.9.8
Most dynamic languages such as Ruby, PHP, & Python rely on the underlying operating system’s OpenSSL version. You can check it by running openssl version. 1.0.1 is the minimum required.
You can test your web server to check that it supports TLS1.2 from here - https://www.ssllabs.com/ssltest/
Current browser versions that supported TLS 1.2:
- Google Chrome 55
- Firefox 50
- Internet Explorer 11
- Safari 10
- iOS 10
- Android 7.1
Non-Working browser versions:
- Google Chrome 29
- Firefox 26
- Internet Explorer 10
- Safari 8
- iOS 4
- Android 4.2
Further information can be found here: https://en.wikipedia.org/wiki/Transport_Layer_Security - Web_browsers
Merchants using CMS Systems
If you use Paysbuy from either Magento, OpenCart, WooCommerce, PrestaShop, HikaShop or VirtueMart, then you should be fine. These systems support TLS 1.2 in the recent versions, so there should be nothing you need to do. The Paysbuy plugin does not depend on any components that affect the TLS version, so as long as you are using the most up-to- date version, you should not see any issues.
Further Reading & Resources:
- http://blog.securitymetrics.com/2015/04/pci-3- 1-ssl- and-tls.html
Language Specific Instructions
- .NET 4.6: TLS 1.2 is used automatically. No changes are necessary.
- .NET 4.5: The SecurityProtocolType needs to be changed to Tls12 (using the SecurityProtocol Setter)
- .NET 4.0: TLS 1.2 is supported, but there’s no named SecurityProtocolType enumeration. Use (SecurityProtocolType)3072.
- .NET 3 and below: Must be upgraded to 4.5
- You should set the ProtocolType property of ChargifyConnect to the values from above:
You can check if PHP will work with the following script:
You should see TLS 1.2 and OpenSSL version of at least 1.0.1
For further information and support, please contact us
|Primary contact: Business days (8:00 A.M. to 6:00 P.M.)||+662-1605-463 to 5|
|After hours||Email : firstname.lastname@example.org
Call center : +662-296-9965