TLS 1.0 withdrawal
From June 1st 2018, the TLS 1.0 protocol will no longer be usable with PayPlug.
This decision follows the announcement by the PCI DSS Security Standards Council, which decided that TLS 1.2 is now the reference for encrypted communication.
Consequently, merchants using our platform must ensure that their server supports TLS 1.2.
What is TLS?
TLS (Transport Layer Security) is a protocol that encrypts data in transit between servers, software and network applications. It is used, for example, by your customers' browsers when they visit your website. It provides confidentiality and integrity for the data exchanged, so that it cannot be read or tampered with by someone intercepting the traffic.
TLS is the successor of the SSL protocol, to which it has brought many improvements, in particular stronger cryptographic algorithms.
The current version is TLS 1.2, and work on TLS 1.3 has been finalized.
Using TLS 1.2 is essential for any exchange that must be transmitted encrypted, for example the connection between your server and your PayPlug account.
TLS 1.0 unfortunately suffers from known security weaknesses, so the integrity of data exchanged over it can no longer be guaranteed.
TLS is not a certificate but a protocol; the two are different things. It must be enabled on your server even if your website itself has no certificate: when your server calls PayPlug it acts as the TLS client, and it is PayPlug's server that presents a certificate.
In practice, TLS support on your server is provided by a cryptographic library, most often OpenSSL.
What is OpenSSL?
OpenSSL is a cryptographic toolkit. It provides the implementation of the TLS protocol used by your server and by programs such as PHP and curl.
How do I know whether my server supports TLS 1.2?
You should check that your server is configured to "speak" TLS 1.2.
More precisely, the HTTP clients on your server that call the PayPlug API must be able to communicate with this version. Most of the time, that client is curl (used through PHP), and curl relies on OpenSSL to encrypt the exchange.
Concretely, check the versions installed on your server: OpenSSL must be at least 1.0.1, the first release to support TLS 1.2, and libcurl must be built against such an OpenSSL (libcurl 7.34.0 or later if you want to pin TLS 1.2 explicitly with the CURL_SSLVERSION_TLSv1_2 option). Keep in mind that the PHP and curl you use may be linked against a different OpenSSL than the openssl command on the same machine, so check the versions PHP reports rather than the system ones.
If you want to test your server quickly, you can upload the PHP page available here to your server; it will display this information. We strongly recommend deleting the page once the test is done, since it exposes version details of your installation to anyone who can request it.
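As an added example (this is not PayPlug's own test page, whose contents are not reproduced here), the following PHP script performs the check described above: it prints the libcurl, curl SSL backend and OpenSSL versions that PHP itself is linked against, then forces a TLS 1.2 handshake to the PayPlug API. The host name api.payplug.com and the file name tls12_check.php are assumptions for this example.

```php
<?php
// tls12_check.php - added example, not PayPlug's own test page.
// Upload it to the server that runs your shop, open it once in a browser
// (or run: php tls12_check.php), read the result, then DELETE it.
header('Content-Type: text/plain');

// 1. Versions the page tells you to check: libcurl, the SSL backend curl was
//    built against, and PHP's own OpenSSL extension. These are what your shop
//    uses, which may differ from the `openssl` binary on the command line.
$cv = curl_version();
printf("PHP:              %s\n", PHP_VERSION);
printf("libcurl:          %s\n", $cv['version']);
printf("curl SSL backend: %s\n", $cv['ssl_version']);   // e.g. "OpenSSL/1.0.2g"; needs OpenSSL >= 1.0.1
printf("ext/openssl:      %s\n", defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT : 'not loaded');

// 2. The test that matters: force a TLS 1.2 handshake to the PayPlug API host.
//    Host name is an assumption for this example; use the endpoint your integration calls.
$host = 'api.payplug.com';
$url  = 'https://' . $host . '/';

if (!defined('CURL_SSLVERSION_TLSv1_2')) {
    // The constant exists since libcurl 7.34.0 / PHP 5.5.19; without it we cannot
    // pin the version, so a successful request would prove nothing about TLS 1.2.
    echo "RESULT: INCONCLUSIVE - CURL_SSLVERSION_TLSv1_2 is not defined; update PHP and libcurl.\n";
    exit(1);
}

$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_NOBODY         => true,                      // HEAD-style request; only the handshake matters
    CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,   // refuse anything below 1.2 on our side
    CURLOPT_SSL_VERIFYPEER => true,                      // keep certificate validation on; never disable it to "fix" errors
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT        => 15,
]);
$body = curl_exec($ch);
$err  = curl_error($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// Any HTTP status (even 401 or 404) means the TLS 1.2 handshake completed.
// A failure here is what the June 1st cutoff will look like for your shop.
if ($body !== false) {
    printf("RESULT: OK - TLS 1.2 handshake with %s succeeded (HTTP %d)\n", $host, $code);
} else {
    printf("RESULT: FAIL - could not connect to %s with TLS 1.2: %s\n", $host, $err);
}
```

If the result is FAIL with an SSL or handshake error, the OpenSSL that PHP and curl are linked against is too old (or libcurl was built without TLS 1.2 support); on shared hosting this is usually fixed by switching to a more recent PHP version in the provider's control panel. Delete the script as soon as you have read the result.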
What should you do if your server doesn't support TLS 1.2?
Your server must be configured so that it uses the TLS 1.2 protocol.
Depending on your situation, there are two possibilities:
- Case 1: an agency or a webmaster manages your website: we recommend contacting the person in charge of your website and checking with them that your server has been updated correctly and that TLS 1.2 is enabled.
Here is an example email you can send to your agency or webmaster on the topic:
Hi,
We have just received an email from PayPlug, our payment solution, indicating that from 1 June 2018 it will no longer be possible to communicate with their service using the TLS 1.0 protocol.
All the information is available on the following page.
Their team emailed us to say that our website is still using TLS 1.0 rather than TLS 1.2 or 1.3 as recommended.
Could you check our server and update it so that everything keeps working after 1 June?
Sincerely,
- Case 2: you manage your website yourself, without a service provider: we recommend following the recommendations below.
There are two types of hosting for a website:
Shared hosting
If you are on shared hosting, go to your hosting provider's control panel and check the settings that determine your OpenSSL version.
At OVH, the OpenSSL version depends on the PHP version configured for your hosting. To get the latest version available, you must run in "Stable" production mode.
Hosting on a dedicated server or a VPS
If you are on a dedicated server or a VPS, update your OpenSSL version (together with the PHP and curl packages linked against it, since those are what actually talk to PayPlug), then edit the web server's configuration to refuse client connections using TLS 1.0 or lower, keeping only TLS 1.2 (and TLS 1.3 where your server supports it). Note that this second step hardens the connections your server accepts; the PayPlug requirement concerns the connections your server makes, which depend on the OpenSSL version used by PHP and curl.
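As an added example of the server-side setting described above (not PayPlug configuration), here is an Apache mod_ssl virtual host with the weak protocol setting shown next to the hardened one. The file path, host name and certificate paths are assumptions; mod_ssl must be linked against OpenSSL 1.0.1 or later for TLS 1.2 to be available at all.

```apache
# /etc/apache2/sites-available/shop.conf (path and host name are assumptions)
# Added example, not PayPlug's configuration. Needs mod_ssl linked against OpenSSL >= 1.0.1.
<VirtualHost *:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shop.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.com.key

    # Weak setting, still common in 2018: refuses only SSLv3 and keeps
    # negotiating TLS 1.0 and 1.1 with any client that asks for them.
    # SSLProtocol all -SSLv3

    # Hardened setting: everything below TLS 1.2 is refused.
    # "all" includes TLSv1.3 on Apache/OpenSSL builds that support it.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Prefer the server's cipher order and keep only AEAD suites with forward secrecy.
    SSLHonorCipherOrder on
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
</VirtualHost>
```

After editing, run apachectl configtest and reload Apache, then verify from another machine: openssl s_client -connect shop.example.com:443 -tls1 must fail to handshake, while the same command with -tls1_2 must succeed. The nginx equivalent is the single directive ssl_protocols TLSv1.2; in the server block. Remember that this controls inbound connections only; whether your PHP code can reach PayPlug over TLS 1.2 is determined by the OpenSSL that PHP and curl use, which is what the check in the previous section verifies.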
Please note that the PayPlug support team will not be able to assist you with this migration.