It’s time for TLS 1.2

By Karol Zielinski, published in PayLane Journey, Sep 5, 2017

On November 30, 2017, PayLane is switching to the latest encryption standard, which is TLS 1.2. We will no longer support TLS 1.1 or any older encryption, which means that browsers or API clients not supporting TLS 1.2 will no longer work after this date. The change is mandated by the Payment Card Industry Data Security Council (PCI DSS) and, as a business dealing with online payments, we are obliged to comply with it.

Why are we making the change?

First of all, we are not making this change alone. Every website that transmits or processes credit card data has to switch to TLS 1.2. You may not have heard about Transport Layer Security, or TLS for short, before, so here’s a quick explanation: it is the key encryption protocol (along with its counterpart, SSL) which makes sure the internet connection is secure. The secure connection prevents potential thieves from snooping and stealing your personal data. When you use an encrypted website, you can be confident that all information you send and receive is unreadable to others. Encryption is virtually the most powerful protection; however, sometimes it needs an update.

Hackers work day and night to spot even the slightest weakness in various encryption protocols. When they manage to find a vulnerability, those who keep a watchful eye on data safety immediately improve encryption and replace older versions with newer ones. The same thing happened to TLS 1.1. Although it’s one of the most widespread types of encryption, it’s not as strong and safe as it used to be; actually, it’s considered dangerously weak. That’s why users of TLS 1.1, not to mention older encryption versions, are strongly advised to upgrade to TLS 1.2. We, as a company processing credit card information, do not hesitate to do that.

What does it mean for you?

Online safety is of the first importance to us; your convenience comes second. Because of those two, we avoid making potentially big changes unless they are crucial. Our clients’ security and trust are paramount, so the TLS 1.2 change is this crucial exception. But there is no need to worry, because we’ll make it hassle-free for you.

In order to keep our integration intact and give you some time, we’re taking it slow. That’s why you have two months to update your encryption type to TLS 1.2. It is more than enough to do that and enjoy seamless payment transactions. What’s more, it may turn out that you don’t even have to lift a finger, because you already have TLS 1.2! Just have a look below to see what you need to do.

What should you do?

If you’re using PayLane’s Secure Form, we have great news — you don’t need to do anything. We take care of everything!

If you’re using our API, check which version of TLS you have on your server. If the version is older than 1.2, you need to upgrade it. If you’re not a server administrator, you should get in touch with the administrator or a hosting company; they will upgrade everything for you. However, if you administer the server, here’s a short step-by-step upgrade guide.

TLS 1.2 upgrade guide

Determine which Linux distribution you have: cat /etc/*-release

Next steps depend on your Linux version.

  • Ubuntu 12.04 (Precise)

You should install package updates. Run sudo apt-get update && sudo apt-get install --only-upgrade openssl and, after that, restart the system. It may be necessary to update libssl as well. In order to do that, run sudo apt-get update && sudo apt-get install --only-upgrade libssl-dev.

  • Ubuntu 10.04 LTS (Lucid), 10.10 (Maverick), 11.04 (Natty), or 11.10 (Oneiric)

You need to upgrade the system to at least Ubuntu 12.04 (Precise). The easiest and safest way to do this is to rebuild your server.

  • RedHat Enterprise or CentOS

If you have version 6, package updates are necessary. Run sudo yum update openssl libcurl and restart the system afterwards.

If your version is 5, we recommend you upgrade to RedHat Enterprise Linux 6 at least. The upgrade process is risky, so we advise you to rebuild your server instead.

  • Debian

It’s necessary to upgrade to at least Debian 7.0 (Wheezy).

  • Any other Linux distribution

Make sure that after running openssl version, you get at least 1.0.1. Otherwise, you need to install package updates and possibly upgrade to a newer version of your operating system.

  • OS X

It’s advised to upgrade your OpenSSL version with brew.sh. Simply run brew install openssl to install the latest version of OpenSSL. Next, run brew install python, brew install ruby, brew install php5, or brew install node to install a copy of your language managed by Homebrew. You also need to reinstall any dependencies you had installed before.

  • Windows

On Windows, your development environment ships with its own copy of OpenSSL. The way to upgrade that copy is to upgrade the development environment itself, for example by installing/upgrading Python, Ruby, PHP or Node.
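The openssl version check from the guide above can be scripted so it runs the same way on every server. The following is an added example, not PayLane's own code: the function name supports_tls12 and the API_HOST variable are assumptions made for illustration, and API_HOST is a placeholder you set yourself because the page does not name the endpoint.

```shell
#!/bin/sh
# Added example: apply the guide's "at least OpenSSL 1.0.1" rule to a version banner.

# supports_tls12 "<output of openssl version>"
# returns 0 = TLS 1.2 capable, 1 = too old, 2 = banner not understood
supports_tls12() {
    banner=$1
    name=${banner%% *}                  # "OpenSSL", "LibreSSL", ...
    rest=${banner#* }
    ver=${rest%% *}                     # e.g. "1.0.1e-fips"
    case $name in
        LibreSSL) return 0 ;;           # forked from OpenSSL 1.0.1g, always has TLS 1.2
        OpenSSL)  ;;
        *)        return 2 ;;
    esac
    ver=${ver%%[!0-9.]*}                # drop letter release and suffix -> "1.0.1"
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    case "$patch" in ''|*[!0-9]*) return 2 ;; esac
    [ $(( major * 10000 + minor * 100 + patch )) -ge 10001 ]
}

# Live check of this machine; runs only where an openssl binary is on PATH.
if command -v openssl >/dev/null 2>&1; then
    local_banner=$(openssl version)
    if supports_tls12 "$local_banner"; then
        echo "OK: $local_banner can negotiate TLS 1.2"
    else
        echo "UPGRADE NEEDED (or unrecognised): $local_banner"
    fi
    # Optional handshake forced to TLS 1.2 against a host you supply (placeholder).
    if [ -n "${API_HOST:-}" ]; then
        if openssl s_client -tls1_2 -connect "$API_HOST:443" </dev/null >/dev/null 2>&1; then
            echo "TLS 1.2 handshake with $API_HOST succeeded"
        else
            echo "TLS 1.2 handshake with $API_HOST failed"
        fi
    fi
fi
```

This covers the system OpenSSL only. As the OS X and Windows notes say, a language runtime can carry its own OpenSSL copy, so the runtime your API client actually uses needs the same check.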

We hope our short guide helped you. Remember, you have to do the upgrade by November 30, 2017 at the very latest. As always, if you have any questions, don’t hesitate to get in touch.
