TLS v1.0 and v1.1 to be Disabled on February 28th, 2018
As you may be aware, Authorize.net is disabling TLS v1.0 and v1.1 at the end of this month. More information about the disablement schedule is available here.
You may begin to see errors like the following if you have not already updated your system:
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
We can help you solve this issue as well as provide security hardening or PCI compliance service for your server. Please call or email if we may be of service!
Checking for TLS v1.2 Support
Most modern Linux releases support TLS v1.2; however, it is best to check to avoid a surprise. These tests should work on almost any Linux version, including SUSE, Red Hat, CentOS, Debian, Ubuntu, and many others.
PHP
To check your server, you can use this simple PHP script. Make sure you are running this PHP code from the same PHP executable that runs your website. For example, you might have PHP compiled from source and also have it installed as a package. In some cases, one will work and the other will not:
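<?php
// Connect to the Authorize.net sandbox endpoint with this PHP build's cURL/SSL library.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://apitest.authorize.net');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if (($response = curl_exec($ch)) === false) {
    // The TLS handshake (or the connection itself) failed; print the cURL error.
    $error = curl_error($ch);
    print "$error\n";
}
else {
    // Any HTTP response at all means the TLS handshake succeeded.
    $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    print "TLS OK: " . strlen($response) . " bytes received ($httpcode).\n";
}
curl_close($ch);
?>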
Perl
As above, make sure that you are using the same Perl interpreter that your production site is using, or you can end up with a false positive/false negative test. If you get output saying “403 – Forbidden: Access is denied”, then it is working because TLS connected successfully. The output below shows a failed connection:
# perl -MLWP::UserAgent -e 'print LWP::UserAgent->new->get("https://apitest.authorize.net")->decoded_content'
Can't connect to apitest.authorize.net:443
LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version at /usr/lib/perl5/vendor_perl/5.10.0/LWP/Protocol/http.pm line 57.
OpenSSL/Generic
To check from the command line without PHP, you can use the following command. The output here shows a failed TLS negotiation:
# openssl s_client -connect apitest.authorize.net:443
CONNECTED(00000003)
30371:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:s23_clnt.c:605
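The three checks above can be triaged the same way, since a missing TLS v1.2 client always surfaces as the "alert protocol version" text. The following is an added example, not part of the original post: the function names and the file name tls_check.php are assumptions, and the version test relies on TLS v1.2 first appearing in OpenSSL 1.0.1. Note that `openssl version` describes the command-line tool's library, which may differ from the one your PHP or Perl build links against.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Classify the captured output of the PHP, Perl or openssl checks above.
# Prints: no-tls12 | ok | unknown
classify_tls_check() {
    case "$1" in
        # Server rejected the handshake: the client offered only TLS v1.0/v1.1.
        *"alert protocol version"*) echo "no-tls12" ;;
        # PHP script's success line, or the HTTP 403 page the Perl test prints
        # once TLS has connected.
        *"TLS OK"*|*"403"*"Forbidden"*) echo "ok" ;;
        # DNS, firewall, certificate or other errors need a closer look.
        *) echo "unknown" ;;
    esac
}

# Return 0 if an `openssl version` string is 1.0.1 or newer, the first
# OpenSSL release with TLS v1.2; 1 if older; 2 if it cannot be parsed.
openssl_has_tls12() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$ver" ] || return 2
    major=${ver%% *}; rest=${ver#* }; minor=${rest%% *}; patch=${rest#* }
    if [ "$major" -gt 1 ]; then return 0; fi
    if [ "$major" -eq 1 ] && { [ "$minor" -gt 0 ] || [ "$patch" -ge 1 ]; }; then
        return 0
    fi
    return 1
}

# Usage (tls_check.php is an assumed file name for the PHP script above):
#   classify_tls_check "$(php tls_check.php 2>&1)"
#   openssl_has_tls12 "$(openssl version)" && echo "CLI library has TLS v1.2"
```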
Other Languages
If you use any other language, we can help verify that your application is set up to work correctly. Just let us know and we can work with you directly. I hope this post helps. Please comment below!
-Eric