Security Protocol Update to TLS v1.2
Merchants on the E-xact Gateway are required to update their browser's security protocol to TLS v1.2 by the dates shown below. After these dates, TLS v1.0 and v1.1, and all SSL protocol suites (v3 and lower) will no longer be supported on the E-xact Gateway; to ensure uninterrupted service on the E-xact Gateway merchants must update their security protocol. On January 18th, 2018, merchants can begin to test in the Demo environment.
Merchants using the E-xact Gateway environments showing below who have upgraded their browsers in anticipation of the upgrade should continue accessing the E-xact Gateway respective environments on and after the updates.
Failure to update your systems (software, browser and/or hardware) to TLS v1.2 by the below dates will result in merchants being unable to access the E-xact Gateway environments:
- January 18th, 2018 - Demo Environment
- May 16th, 2018 - Production Environment
All E-xact merchants must update their software, browser and hardware to support security protocol TLS v1.2 by the above dates. To minimize service disruption, please make the necessary changes recommended below.
- API – users must test their integration to ensure it can support TLS v1.2 OR update their integration to support TLS v1.2
- RPM – users must update their browser or install a newer version.
- Hosted Payment Page – cardholders must update their browser or install a newer version.
Please ensure this information reaches the appropriate IT contacts in your organization. Please direct questions to the E-xact Support Desk at 'email@example.com'.
Why is the TLS v1.2 Upgrade required?
The National Institute of Standards and Technology (NIST) identified early versions of Transport Layer Security (TLS), as weak secure network communication protocols that are not acceptable for the protection of data due to inherent weaknesses.
PCI Standards document: