Authorize.net TLS Disablement

For general questions and discussions specific to the AbleCommerce 7.0 Asp.Net product.
Post Reply
sweeperq
Commodore (COMO)
Commodore (COMO)
Posts: 497
Joined: Tue Jan 03, 2006 2:45 pm

Authorize.net TLS Disablement

Post by sweeperq » Wed Aug 23, 2017 2:31 am

February 2018 Authorize.net is disabling TLS 1.0 and TLS 1.1 connections to their API in order to remain/become PCI-compliant. TLS is a protocol used to transport information securely over the internet. It is utilized in the Payment Gateway when connecting to Authorize.net via HTTPS in order to pass credit card information and receive transaction responses. This matters to AC7 merchants because the software runs on ASP.net 2.0 which does not support TLS 1.2.

To see if this will be an issue for you, create a .aspx page on your site with the following code:

Code: Select all

<%@ Page Theme="" Language="C#" %>
<!DOCTYPE html>
<script runat="server">
    public void Page_Load(object sender, EventArgs e)
    {
        TestSSL();
    }

    public void TestSSL()
    {
        var test_servers = new Dictionary<string, string>();
        test_servers["SSL 2"] = "https://www.ssllabs.com:10200";
        test_servers["SSL 3"] = "https://www.ssllabs.com:10300";
        test_servers["TLS 1.0"] = "https://www.ssllabs.com:10301";
        test_servers["TLS 1.1"] = "https://www.ssllabs.com:10302";
        test_servers["TLS 1.2"] = "https://www.ssllabs.com:10303";

        var output = new StringBuilder();

        foreach(var item in test_servers)
        {
            HttpWebRequest req = null;
            output.Append("<br /><strong>" + item.Key + ":</strong> ");
            try
            {
                req = (HttpWebRequest)WebRequest.Create(item.Value);
                req.Method = "POST";
                HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
                output.Append("true - ");
                output.Append("Status " + resp.StatusCode);
            }
            catch (Exception ex)
            {
                output.Append("false - " + ex.Message);
            }
            litSupported.Text = output.ToString();
        }
    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:Literal ID="litSupported" EnableViewState="false" runat="server" />
    </form>
</body>
</html>
This script connects to SSL Labs via HTTPS on the server side to determine which protocols are enabled. SSL2 and SSL3 have been defunct for a while now. TLS 1.0 and TLS 1.1 are what will be affected by the Authorize.net change. If TLS 1.2 returns false, you will have an issue.

Fortunately, we were using a fully patched Windows Server 2012 and have .Net 4.5+ installed. So the work around wasn't that painful. We added the following code to Global.asax to enable TLS 1.2, and left TLS 1.1 and TLS 1.0 enabled in case it is required by other web services we utilize that aren't affected by PCI:

Code: Select all

protected void Application_Start(Object sender, EventArgs e)
    {
        System.Net.ServicePointManager.SecurityProtocol =
            (System.Net.SecurityProtocolType)(System.Security.Authentication.SslProtocols)0x00000C00 | // TLS 1.2
            (System.Net.SecurityProtocolType)(System.Security.Authentication.SslProtocols)0x00000300 | // TLS 1.1
            SecurityProtocolType.Tls;                                                                  // TLS 1.0
    }
If you run the first .aspx page again, you will hopefully see true next to TLS 1.2.

User avatar
Katie
AbleCommerce Admin
AbleCommerce Admin
Posts: 2651
Joined: Tue Dec 02, 2003 1:54 am
Contact:

Re: Authorize.net TLS Disablement

Post by Katie » Thu Aug 24, 2017 1:42 am

Thanks for posting this. We also have a document in our help site that might provide some additional helpful info -

http://help.ablecommerce.com/index.htm# ... ls_1.2.htm

Katie
Thank you for choosing AbleCommerce!

http://help.ablecommerce.com - product support
http://wiki.ablecommerce.com - developer support

Post Reply