TLS Upgrade Notification – What You Need to Know
On March 14, 2019, VeriCheck Inc. websites will no longer support SSL, TLS 1.0 or TLS 1.1 over HTTPS which means older browsers or API clients that do not support TLS 1.2 will no longer work after this date. This includes all URL’s and domains owned and operated by VeriCheck Inc., specifically vericheck.com, evericheck.com and evericheck2.com.
This change is in recognition of website security best practices. It has also been mandated by the PCI Security Council for all merchants and service providers processing or transmitting credit card data, so you may already have implemented these changes at your company.
We also wanted to give you as much notice as possible in the event your IT team needs to upgrade browsers or make changes to your applications, if required (See “How to Test” below).
Why are we making this change?
You may have heard of these vulnerabilities by some of their better-known names such as Heartbleed, Poodle, Freak and Beast. These vulnerabilities concern the weak encryption of sensitive data transmission over the internet, which may allow unauthorized parties to view the data. All versions of SSL, and versions of TLS before TLS 1.2 have been explicitly identified as no longer being a strong form of encryption because they are vulnerable to many known attacks.
This is not an action that Vericheck is taking alone. For example, EVERY website that transmits or processes credit card data will be making this change. If you or your customers are using an insecure or unsupported browser or API client, you will find that all secure websites will stop working very soon.
How do I know if I’m affected?
Most browsers have supported TLS for at least the last few years, so end-users are unlikely to be affected by this change. The biggest impact is likely to be felt by API users with very old libraries.
A comprehensive list of browsers and the version supported is available here:
https://www.ssllabs.com/ssltest/clients.html
How to Test
Point your browser, API client, or code to https://tlscheck.vericheck.com
You should expect to see “Connection OK” (with a 200 response code)
If you see that, then you have successfully connected and are all set
If your client throws an SSL, TLS, Connection, or Negotiation error, then you will need to upgrade your language or library in order to remain compatible
API Library Support
If you have code that connects with the VerCheck API, you must ensure that it will continue to work after March 14, 2019. Each language and library is different, however we’ve identified the popular ones that may be of concern.
These languages will need significant changes/upgrades in order to work:
Java 6u45 / 7u45
.NET before 4.5 (does not support TLS 1.2)
.NET 4.5 (must be have setting changed to explicitly enable TLS 1.2)
OpenSSL 0.9.8
Most dynamic languages such as Ruby, PHP, & Python rely on the underlying operating system’s OpenSSL version. You can check it by running the command openssl version. Version 1.0.1 in the minimum required.
We would be happy to help you ensure compatibility in any way we can. However, please keep in mind that we are not experts in every language or framework and so we aren’t able to test or fix your code for you.
Browser Support
Most browsers have supported TLS 1.2 for several years.
The following browsers DO NOT support TLS 1.2 and will no longer work.
Google Chrome 29
Firefox 26
Internet Explorer 10
Safari 8
iOS 4
Android 4
Further Reading & Resources
http://blog.securitymetrics.com/2015/04/pci-3-1-ssl-and-tls.html
https://www.ssllabs.com/ssltest/clients.html
https://www.howsmyssl.com/
We are here to help
If you have any questions about this change or have any concerns, please feel free to reach out to VeriCheck Customer Support at 404-872-4585 or support@vericheck.net.