Yes, PayJunction currently supports TLS 1.2. Although, TLS 1.2 is not required yet for connections to our production servers.
According to existing PCI Security Standards:
- All processing and third party entities – including Acquirers, Processors, Gateways and Service Providers must provide a TLS 1.1 or greater service offering by June 2016.
- All entities must cutover to use only a secure version of TLS (as defined by NIST) effective 30 June 2018.
As we get closer to the June 2018 cut-off date, PayJunction will monitor production usage to determine when we can require TLS 1.2 to be the minimum protocol version. We will send notification once we have determined a cutover date and we will work closely with our merchants to ensure that we minimize the impact to our customers with the use of our service.
Why is TLS 1.1 not the Minimum?
- From our statistics, less than a fraction of 1% of the connections use TLS 1.1... simply put, in reality, no one uses TLS 1.1.
- TLS 1.1 is essentially already deprecated.
- If you’re going to take the time to code something new, we recommend using the most up-to-date protocol of TLS 1.2.
- General industry best practice.
TLS 1.2 Required for Development (PayJunctionLabs.com)
As of June 17, 2016, TLS 1.2 is required in order to establish an API connection and in order to login to the test account.
If you are receiving TLS/SSL errors when attempting to reach payjunctionlabs.com, please ensure that your server and/or browser is supporting TSL 1.2 or greater.
Minimum Required Version Browsers for PayJunctionLabs.com
- IE7 on Windows Vista (Windows XP not supported)
- Google Chrome on Windows Vista or OS X 10.5.7
- Safari 3.0 on Windows Vista or Mac OS X 10.5.6
- Moxilla Firefox 2.0
- Opera 8.0 (with TLS 1.1 enabled)
- BlackBerry 10
- Windows Phone 7
TLS Fallback Prevention
If a connection is established with TLS 1.2, then nothing will allow that connection to be downgraded to an earlier version of TLS (provided your code or browser also supports TLS fallback prevention)
Thus, you can ensure that your connection is only using TLS 1.2 by making sure your system supports TLS 1.2 with fallback prevention (regardless of other customer connections to PayJunction).