TLS FAQ

What is TLS

Transport Layer Security (TLS) is an encryption protocol used to secure communication between systems; it superseded the Secure Sockets Layer (SSL) protocol in 2000. TLS v1.1, TLS v1.2, and TLS v1.3 have since superseded TLS v1.0.

Per PCI DSS v3.1 and v3.2, SSL and early TLS (TLS v1.0 and TLS v1.1) are no longer considered strong encryption protocols, because they have known vulnerabilities for which there are no fixes. TLS v1.2 and TLS v1.3 are PCI compliant.

How does it impact me

To connect to the Peach Payments platform, merchants must support at least TLS v1.2. Peach Payments discontinued TLS v1.0 and v1.1 in 2018. Merchants who fail to support at least TLS v1.2 can no longer connect to the service. To continue accessing Peach Payments' online tools, merchants must use a browser compatible with TLS v1.2 or TLS v1.3. You should use TLS v1.3, as tests show it can improve TLS handshake speeds by up to 15%.

What should my organisation do if it does not support TLS v1.2

If your connection to the Peach Payments platform relies on TLS v1.1 or an earlier protocol, you must update your systems to connect using TLS v1.2 or TLS v1.3. Due to vulnerabilities in older protocols, Peach Payments strongly suggests making these changes as soon as possible. Below is a list of supported ciphers, and your organisation must verify that its systems support one of these ciphers to continue connecting to the Peach Payments platform.

TLS v1.3 (suites in server-preferred order)

  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256

TLS v1.2 (suites in server-preferred order)

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

If your organisation cannot upgrade to TLS v1.2 or TLS v1.3, your systems will not be able to connect to the Peach Payments platform. Your organisation should test transactions in the sandbox environment to confirm that the connection succeeds.

If I am already using TLS v1.2 or TLS v1.3, do I need to do anything

If you use TLS v1.2 for communication, verify cipher suite compatibility against the list above. If your organisation connects to the Peach Payments platform using TLS v1.3 and a TLS v1.3-compatible browser, you do not need to take any action.

Compatibility

Every application implements ciphers and TLS versions differently.

The list of unsupported server-to-server configurations is below:

  • Java 6u45 and earlier
  • Java 7u25
  • OpenSSL 0.9.8y

To test whether your system can connect:
  • Test from your sandbox environment. The request needs to come from the library or software you use on your system to connect to the Peach Payments platform.
  • If you do not have a sandbox environment, integrate a test call in your production environment towards https://sandbox-card.peachpayments.com/ and see if it succeeds.
  • If you can connect, the next step is to update the production environment domain to https://card.peachpayments.com/.
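The following script is an added example (not Peach Payments' own code) that carries out the check described in the steps above from a Python client. It builds a TLS client context that refuses anything below TLS v1.2 and offers only the cipher suites listed on this page, then performs a handshake against a host and reports whether the negotiated protocol version and cipher suite are on the supported list. The default host is the sandbox endpoint named above; the OpenSSL cipher names in the mapping are the standard OpenSSL spellings of the IANA suite names from the page.

```python
import socket
import ssl

# Suites the page lists as supported, in server-preferred order.
# TLS 1.3 suites have the same name in IANA and OpenSSL notation.
TLS13_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

# TLS 1.2 suites: IANA name (as on the page) -> OpenSSL name (what ssl.SSLContext uses).
TLS12_SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-RSA-CHACHA20-POLY1305",
}
OPENSSL_TO_IANA = {openssl: iana for iana, openssl in TLS12_SUITES.items()}

# Sandbox endpoint named on the page; production is card.peachpayments.com.
DEFAULT_HOST = "sandbox-card.peachpayments.com"


def build_client_context() -> ssl.SSLContext:
    """Client context that refuses TLS < 1.2 and offers only the listed TLS 1.2 suites."""
    ctx = ssl.create_default_context()  # verifies server certificate chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 suites only. OpenSSL's default TLS 1.3 list
    # is exactly the three TLS 1.3 suites above, so it needs no change.
    ctx.set_ciphers(":".join(TLS12_SUITES.values()))
    return ctx


def offered_tls12_suites(ctx: ssl.SSLContext) -> list:
    """IANA names of the TLS 1.2 suites the context will offer, in preference order.

    Any suite that is not one of the page's three is returned under its OpenSSL
    name, so a caller can spot stray suites instead of silently ignoring them.
    """
    names = []
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if name in TLS13_SUITES:
            continue
        names.append(OPENSSL_TO_IANA.get(name, name))
    return names


def is_acceptable(version: str, suite: str) -> bool:
    """True if a negotiated (protocol version, suite name) pair meets the page's requirements.

    The suite may be given in IANA or OpenSSL spelling, since ssl.SSLSocket.cipher()
    reports the OpenSSL name.
    """
    if version == "TLSv1.3":
        return suite in TLS13_SUITES
    if version == "TLSv1.2":
        return suite in TLS12_SUITES or suite in OPENSSL_TO_IANA
    return False  # TLS 1.0, TLS 1.1 and SSL are never acceptable


def probe(host: str, port: int = 443) -> tuple:
    """Handshake with host and return (negotiated version, negotiated cipher name).

    This makes a real network connection; the handshake itself raises ssl.SSLError
    if the server cannot agree on TLS >= 1.2 with one of the offered suites.
    """
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, version, _bits = tls.cipher()
            return version, name


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_HOST
    negotiated_version, negotiated_suite = probe(target)
    verdict = "OK" if is_acceptable(negotiated_version, negotiated_suite) else "NOT SUPPORTED"
    print(f"{target}: {negotiated_version} {negotiated_suite} -> {verdict}")
```

Run it as `python3 check_tls.py` against the sandbox first and, once that reports OK, against `card.peachpayments.com`. Because the context pins the minimum version and the offered suites, a client stack that can only speak TLS v1.0 or v1.1 (or lacks the ECDHE-GCM/ChaCha20 suites) fails at the handshake rather than silently negotiating a weaker protocol, which is the outcome you want to detect before production traffic depends on it.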

The list of unsupported browser configurations for shoppers is:

  • Safari 6 / iOS 6.0.1
  • Safari 7 / iOS 7.1
  • Safari 8 / iOS 8.4
  • Safari 5.1.9 / OS X 10.6.8
  • Safari 6.0.4 / OS X 10.8.4
  • Safari 7 / OS X 10.9
  • Safari 8 / OS X 10.10
  • Android 2.3.7
  • Android 4.0.4
  • Android 4.1.1
  • Android 4.2.2
  • Android 4.3
  • Baidu Jan 2015
  • Internet Explorer 6 / XP
  • Internet Explorer 7 / Vista
  • Internet Explorer 8 / XP
  • Internet Explorer 8-10 / Win 7
  • Internet Explorer 10 / Win Phone 8.0
  • Internet Explorer 11 / Win Phone 8.1 R