At Merchant Partners the security of customer information is one of our highest priorities. To make sure we stay ahead of potential security risks, we are making updates that will protect the security of our service.
This article is intended for 3rd Party Developers, Private Labeled Gateway Owners and Value-Added Resellers (VARs) who code Gateway, Middleware and/or Point-of-Sale (POS) solutions directly to Merchant Partners Online Merchant Center.
The Payment Card Industry Security Standards Council (PCI SSC) has communicated that some implementations using early versions of Transport Layer Security (TLS, version 1.0 and 1.1) have vulnerabilities (i.e., POODLE, Freak, Heartbleed related compromises) and have mandated the removal of TLS v1.0 / 1.1 from payment processing environments by June 30, 2018.
The PCI SSC and Merchant Partners strongly recommend you complete remediation efforts and merchant upgrades well in advance of the 2018 deadline, to limit vulnerabilities, potential compromise(s) and/or impacts to merchant processing environments. Doing so will also aid in reducing merchant concerns and calls to your organization, as some browser-providers (e.g., Microsoft, Apple, Google, etc.) are alerting end-users who connect to a website with a SHA-1 certificate that the website is “insecure as of 2016”; and / or are considering the discontinuation of support for SSL v3.0 and TLS v.1.0 in advance of the 2018 PCI deadline.
To continually offer the latest technology and to enable PCI DSS compliance for our customers, Merchant Partners will be discontinuing support of TLS 1.0 / 1.1 on February 1st, 2018 and will:
- Require all applications currently in certification and all new or enhanced applications to support TLS v1.2 and approved TLS 1.2 cipher suites as of August 2017
- Remove and discontinue support for SSL v3.0, TLS v1.0, TLS v1.1 and previously supported cipher suites from its Production environments February 2018
To assist you in testing your applications against TLS 1.2 we have setup a dedicated server supporting only TLS 1.2. To test your application, replace your current transaction processing url (ie: trans.merchantpartners.com) with https://trans.gwtx02.com
If you have any questions or require additional information please contact support at firstname.lastname@example.org or 866-242-9933.
TLS 1.2 Approved Cipher Suites (In Server preferred order)
- LS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS
- TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
- TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
- TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
- TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS
- TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
- TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)