TLS Disablement

For general questions and discussions specific to the AbleCommerce 7.0 Asp.Net product. TLS Disablement

Postby sweeperq » Wed Aug 23, 2017 2:31 am

February 2018 is disabling TLS 1.0 and TLS 1.1 connections to their API in order to remain/become PCI-compliant. TLS is a protocol used to transport information securely over the internet. It is utilized in the Payment Gateway when connecting to via HTTPS in order to pass credit card information and receive transaction responses. This matters to AC7 merchants because the software runs on 2.0 which does not support TLS 1.2.

To see if this will be an issue for you, create a .aspx page on your site with the following code:

Code: Select all
<%@ Page Theme="" Language="C#" %>
<!DOCTYPE html>
<script runat="server">
    public void Page_Load(object sender, EventArgs e)

    public void TestSSL()
        var test_servers = new Dictionary<string, string>();
        test_servers["SSL 2"] = "";
        test_servers["SSL 3"] = "";
        test_servers["TLS 1.0"] = "";
        test_servers["TLS 1.1"] = "";
        test_servers["TLS 1.2"] = "";

        var output = new StringBuilder();

        foreach(var item in test_servers)
            HttpWebRequest req = null;
            output.Append("<br /><strong>" + item.Key + ":</strong> ");
                req = (HttpWebRequest)WebRequest.Create(item.Value);
                req.Method = "POST";
                HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
                output.Append("true - ");
                output.Append("Status " + resp.StatusCode);
            catch (Exception ex)
                output.Append("false - " + ex.Message);
            litSupported.Text = output.ToString();

<html xmlns="">
<head runat="server">
    <form id="form1" runat="server">
        <asp:Literal ID="litSupported" EnableViewState="false" runat="server" />

This script connects to SSL Labs via HTTPS on the server side to determine which protocols are enabled. SSL2 and SSL3 have been defunct for a while now. TLS 1.0 and TLS 1.1 are what will be affected by the change. If TLS 1.2 returns false, you will have an issue.

Fortunately, we were using a fully patched Windows Server 2012 and have .Net 4.5+ installed. So the work around wasn't that painful. We added the following code to Global.asax to enable TLS 1.2, and left TLS 1.1 and TLS 1.0 enabled in case it is required by other web services we utilize that aren't affected by PCI:

Code: Select all
protected void Application_Start(Object sender, EventArgs e)
        System.Net.ServicePointManager.SecurityProtocol =
            (System.Net.SecurityProtocolType)(System.Security.Authentication.SslProtocols)0x00000C00 | // TLS 1.2
            (System.Net.SecurityProtocolType)(System.Security.Authentication.SslProtocols)0x00000300 | // TLS 1.1
            SecurityProtocolType.Tls;                                                                  // TLS 1.0

If you run the first .aspx page again, you will hopefully see true next to TLS 1.2.
Commodore (COMO)
Commodore (COMO)
Posts: 494
Joined: Tue Jan 03, 2006 2:45 pm

Re: TLS Disablement

Postby Katie » Thu Aug 24, 2017 1:42 am

Thanks for posting this. We also have a document in our help site that might provide some additional helpful info - ... ls_1.2.htm

Thank you for choosing AbleCommerce! - product support - developer support
User avatar
AbleCommerce Admin
AbleCommerce Admin
Posts: 2606
Joined: Tue Dec 02, 2003 1:54 am

Return to AbleCommerce 7.0 Asp.Net Shopping Cart

Who is online

Users browsing this forum: Google [Bot] and 8 guests