- Overview
- What do I Need to Do?
- Will this Affect Integrations and API Connections?
- General Instructions on Upgrading to TLS 1.2
Overview
TLS (Transport Layer Security) is the protocol that provides connection security, authentication and the negotiation of encryption information between the browser and our servers. Early versions of TLS (versions 1.0 and 1.1) are no longer considered to be secure and PCI DDS requirements mandate that all early TLS versions must be disabled by June 30th, 2018 due to the many vulnerabilities associated with it. We are getting ahead of this deadline to allow you time to work through any issues with custom integrations and etc. Starting May 11, 2018, AmeriCommerce will begin the process of disabling early TLS connections. Once disablement occurs, apps and integrations still using insecure versions of TLS will no longer be able to connect to AmeriCommerce.
What do I Need to do?
Please update any software you use to connect to your store's API to use TLS 1.2 (or higher). If you're using an application or integration developed by a third-party, contact the third-party and ask if their app connection has TLS 1.2 enabled. If the third-party application is using an outdated TLS connection (1.0 or 1.1), request that they update their TLS connection as soon as possible. Any API Applications or Integrations using TLS 1.0 or TLS 1.1 will not be able to connect to AmeriCommerce and will stop working on May 11th. This applies to any application or integration that sends and receives data to and from AmeriCommerce.
For more information on upgrading connections to TLS 1.2, see: General Instructions on Upgrading to TLS 1.2.
Will this Affect Integrations and API Connections?
Yes! Please ensure that any software you use to connect to your store's API supports TLS 1.2 or you will not be able to connect. It is important to note that the majority of the TLS v1.0 connections are via our API. Please double check your software to ensure it supports TLS v1.2 or it will stop working after May 11th. Any API Applications or Integrations using TLS 1.0 or TLS 1.1 will not be able to connect to AmeriCommerce and will stop working on May 11th. This applies to any application or integration that sends and receives data to and from AmeriCommerce.
For more information on upgrading connections to TLS 1.2, see: General Instructions on Upgrading to TLS 1.2.
General Instructions on Upgrading to TLS 1.2
The specific steps involved in upgrading an application to use TLS 1.2 vary considerably depending on the programming language used to build the application and the infrastructure it runs on; however, in order to provide guidance to our clients, we've put together generic TLS troubleshooting and upgrading steps below.
Step 1: Determine the operating system on the server the application is on.
- Does this server's OS support TLS 1.2?
- If not, you may need to upgrade OS.
- If so, ensure TLS1.2 is enabled in your OS.
Step 2: Identify the integration technologies and frameworks used to develop the application.
- Do these support TLS 1.2? If not, you may need to upgrade.
- If so, ensure TLS 1.2 is enable in the configuration.
- Below are some examples of how to enable TLS 1.2 in .NET. If your application is built with a different language or technology, use your favorite search engine to find specific instructions on enabling TLS 1.2 (For example, search for: "How to enable TLS 1.2 in Java 7", if your application is built with Java 7).