Changes to PayPoint / Secpay / Pay360 encryption

Author	« Topic »
myraltis Advanced Member 190 Posts	Posted - 04/29/2018 : 11:38:16 I'm using Capita Pay360 (previously known as Paypoint or Secpay) on a couple of sites and have had notification from Capita that they are changing the encryption used: "TLS version 1.0 and 1.1 will no longer be supported by Pay360 from Wednesday 6th June 2018. To reiterate the encryption changes mentioned in the communication below, we need to increase the length of the key for ciphers that use Diffie-Hellman key agreement from 1,024 to 2,048 bits in order to ensure a higher level of cryptographic protection. Merchants will need to ensure their integrations can support this key length. Although we can monitor which TLS ciphers merchants are using, we have no way of knowing who will be able to support the increased DH key length so merchants are strongly advised to use our test endpoint to confirm they can support the increased key length before that time." They go on to say that: "Our test endpoints will be made available on Monday 30th April 2018 at which stage you can confirm that your integration will work with the newer TLS ciphers. Our new IP addresses will be announced thereafter." The hosting company say that TLS v2 is supported and they don't forsee technical problems, but have advised me to do the testing to be sure. Unfortunately, I have no idea how to test this new setup as I just ticked a box within ECT and added a few details to get the payment processor up and running a couple of years ago. Any advice on what to do would be gratefully received. Thanks, Tim
Andy ECT Moderator 95440 Posts	Posted - 04/29/2018 : 11:43:28 Hi Tim That's something you need to follow up with your host. Have a look here for some pointers https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=107642 Andy Please feel free to review / rate our software
myraltis Advanced Member 190 Posts	Posted - 04/29/2018 : 14:06:31 Thanks for the prompt reply Andy. I've followed the instructions in the link and got the following reponse in the browser: Testing URL: https://ipnpb.sandbox.paypal.com/cgi-bin/webscr RESULT: INVALID This is a good/correct result as it shows that communication with the PayPal server was successful and the transaction was of course rejected as invalid. I also followed Gary's link to the SSL Server Test and the results appear promising re. TLS v1.2 so I'm happy with that. I'm still unsure about "Merchants will need to ensure their integrations can support this key length". Has this now been proved by the steps above, or is there a specific test to run from the ECT cart? Tim
Andy ECT Moderator 95440 Posts	Posted - 04/30/2018 : 00:10:57 Good news on the TLS1.2 - sounds like you are fine there. I'll have to ask about the DH Key length as I'm not sure about that. Andy Please feel free to review / rate our software
Vince Administrator 42838 Posts	Posted - 04/30/2018 : 01:05:48 Hi Tim 2048 bit keys have been the standard for a long while now so I have no doubt that your host will support this. But when Capita Pay360 publish those test URL's I'll have a look at how to make the changes to use those and that would be the definitive way to make sure everything is going well. Vince Click Here for Shopping Cart Software Click Here to sign up for our newsletter Click Here for the latest updater
myraltis Advanced Member 190 Posts	Posted - 05/02/2018 : 09:40:19 Vince, I've just received a detailed email from Pay360 with what appears to be a test IP address amongst a lot of other info. Can I forward this to you? Tim
Vince Administrator 42838 Posts	Posted - 05/02/2018 : 09:47:24 Hi Tim Sure thing, send it to vince AT ecommercetemplates DOT com Vince Click Here for Shopping Cart Software Click Here to sign up for our newsletter Click Here for the latest updater
myraltis Advanced Member 190 Posts	Posted - 05/02/2018 : 10:55:46 Sent...
	« Topic »