PlugNPay TLS 1.2 Ciphers Retirement: September 30th, 2022
RecTrac 3.1.10.12.00
Problem
Due to internet security's volatile nature, we are required to continually adjust our environment to protect our systems from attackers.
To maintain our systems' security, we will be disabling the following TLS 1.2 ciphers on Sept 30th, 2022:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CCM
TLS_RSA_WITH_AES_128_CCM_8
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CCM
TLS_RSA_WITH_AES_256_CCM_8
TLS_RSA_WITH_AES_256_CBC_SHA256
At that time, only these TLS 1.2 ciphers will remain supported:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Error Message
Unable to communicate with PlugNPay at this time! There is a communication issue between your transaction server and the PlugNPay server when trying to reach https://pay1.plugnpay.com/payment/pnpremote.cgi. Contact your IT department to troubleshoot the communication issue and verify the gateway status with PlugNPay Support.
Solution
Usually, when an HTTPS URL is called, the requesting system negotiates with the server being called and uses the most secure encryption cipher that the requesting system can support for that request.
However, older APIs and/or dated operating systems (such as earlier versions of Windows) may rely on older encryption cipher suites and be unable to negotiate a more secure cipher.
When the gateway requires more secure ciphers than the requesting system can support, that API or system can no longer communicate properly with our gateway.
There are several versions of Windows we believe to be affected by this cipher issue, which include (along with all Windows editions listed above):
Windows Server 2012 R2
Windows 8.1
Windows Server 2008 R2
Windows 7
Windows Vista
Windows Server 2003
Windows XP
Windows XP Embedded
Windows CE
Potentially, some Unix/Linux servers running older versions of OpenSSL and/or other related encryption suites could also be affected, if said encryption suite is not kept current.
Test all your gateway accounts following a Windows upgrade.
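The following is an added example, not part of the original article or of PlugNPay's or RecTrac's code: a Python check of whether the local OpenSSL build can enable any of the three remaining suites, plus a classifier for the suite list a client offers. The OpenSSL cipher names, the function names, and the sample offer list are assumptions constructed for illustration.

```python
import ssl

# Suites the article says remain enabled, mapped to OpenSSL's names for them.
REMAINING = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-RSA-CHACHA20-POLY1305",
}

def local_support():
    """Map each remaining suite to True if this Python's OpenSSL can enable it."""
    result = {}
    for iana, openssl_name in REMAINING.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            ctx.set_ciphers(openssl_name)
        except ssl.SSLError:  # raised when no cipher matches the string
            result[iana] = False
            continue
        result[iana] = any(c["name"] == openssl_name for c in ctx.get_ciphers())
    return result

def gateway_like_context():
    """Client context limited to TLS 1.2 and the remaining suites only."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(REMAINING.values()))
    return ctx

def classify_offer(offered):
    """Split offered IANA suite names into usable/unusable after the cutoff."""
    usable = [s for s in offered if s in REMAINING]
    unusable = [s for s in offered if s not in REMAINING]
    return {"can_negotiate": bool(usable), "usable": usable, "unusable": unusable}

# Constructed sample: a legacy client offering only suites from the retired list.
LEGACY_OFFER = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
]

if __name__ == "__main__":
    for suite, ok in local_support().items():
        print(("OK      " if ok else "MISSING ") + suite)
    print(classify_offer(LEGACY_OFFER))
```

A context from `gateway_like_context()` can be passed to an HTTPS client on the transaction server so that a handshake only succeeds with the suites that remain supported.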
Steps For Solution
- From your RecTrac menu, navigate to Management, System Management, Profile Management (or search for Profile Management in the search bar), and sort the DataGrid to display the credit card profiles.
- Update the appropriate WebExpress profile(s) and then test transactions.
- If everything works normally, then your API integration to the payment gateway will continue to function after the given deadline.
- ***You can now change back to https://pay1.plugnpay.com.***
- However, if you experience issues while testing, please contact PlugNPay Support.