Authorize.Net TLS 1.0/1.1

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
6 years ago
nopCommerce Version: 3.90

Hello.

We received an email yesterday from Authorize.Net informing us of the phasing out of TLS1.0/1.1 in order to meet the requirements of the new PCI DSS regulations. I poked through our store and some documentation but I was unable to located what version of TLS our site is using. From what I can tell, it doesn't look like we have the Authorize.Net plugin installed. The only area I see a reference to Authorize.Net is Configuration > Payment > Payment Methods. From there I select Payments.AuthorizeNet.

Can someone enlighten me as to what TLS version we may be using?

Thanks!
0
6 years ago
nop 3.90 supported tls 1.2

===> you will see the following
Under global.asax.cs file.

\Nop.Web\Global.asax.cs

protected void Application_Start()
        {
     
 //most of API providers require TLS 1.2 nowadays
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

......
}


So,I think you don't worry about this.
+1 If answare is helpful to you.

I am passionate about new ideas and new way of thinking :-)

Cheers,
Smiten Kalathiya
1
6 years ago
We are using NOP 3.5 on web app in Azure (no source code). How do we upgrade our Authorize.net plugin to TLS 1.2?
0
6 years ago
saladrigas wrote:
We are using NOP 3.5 on web app in Azure (no source code). How do we upgrade our Authorize.net plugin to TLS 1.2?


Hi,

Since you are not using the source version of nopCommerce, you could try the following:

Add this code to your Global.asax

<%@ Application Language="C#" Inherits="Nop.Web.MvcApplication" %>
<script runat=server>
void Application_Start(object sender, EventArgs e)
{
  // This script gets called after Global's constructor.
  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
}
</script>


Failing that, the other option is to modify the plugin's source code, re-compile it and add back to your project.

Authorize.net GitHub:
https://github.com/nopSolutions/Authorize.Net-plugin-for-nopcommerce

Regards

Craig
0
6 years ago
Does anyone know how to completely disable TLS1.0 and/or other unwanted protocols?

A site I'm currently working on is nop3.9, has the code line referenced above that sets it to TLS12, but is still getting dinged in PCI testing for having TLS1.0 enabled. When I scan the site myself with www.ssllabs.com/ssltest, the report shows that TLS 1.0, 1.1, and 1.2 are enabled.

Thanks!
0
5 years ago
Disabling TLS is done on the server -- not by the application. You will need to contact the hosting service and ask them to disable TLS 1.0. You might as well ask them to disable DES and 3DES while they are at it.
0
5 years ago
And just because NopCommerce supports 1.2 doesn't mean its even installed on the server unless it's one of the newer flavours.
0
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.