ExpertTexting uses HTTPS to securely exchange sensitive data such as credit cards/Paypal payments processing and allowing API Access for integration purposes. To encrypt these communications, we use the Transport Layer Security (TLS) protocol.
TLS 1.2 is one of the most secure versions of SSL/TLS protocol that is designed to prevent eavesdropping, tampering, or message forgery. ExpertTexting now requires TLS 1.2 in order to ensure the continuous security adhere to industry best practices.
All API Customers must update their software, browser and hardware to support security protocol TLS v1.2.
The PCI Security Council sets the rules on which technologies are acceptable for use in transmitting cardholder data. They have explicitly identified TLS 1.0 & TLS 1.1 as no longer being a strong form of encryption because they are vulnerable to many known attacks.
This is not an action ExpertTexting is taking alone. EVERY website that transmits or processes credit card data will be making this change. If you are using an insecure or unsupported browser or API client, you will find that all secure websites will stop working very soon.
From March 01 2018, the ExpertTexting API and it’s web portal will require TLS v1.2 in order to ensure the continuous security adherence to industry’s best practices.
Most browsers have supported TLS 1.2 for several years.
The following browsers DO NOT support TLS 1.2 and will no longer work.
Version = JDK/JRE 7 Client (Yes, but support for TLS v1.2 must be enabled manually)
Version = JDK/JRE 7 Server & above (Yes, TLS v1.2 is enabled by default)
Version = JDK/JRE 6 or below (Not supported)
Your Open SSL version must be 1.0.1 or higher.
SecurityProtocolType
enumeration. Use (SecurityProtocolType)3072
.TLS 1.1 and TLS 1.2 are supported since OpenSSL 1.0.1
Forcing TLS 1.1 and 1.2 are only supported since curl 7.3.4
Reference URL for CURL Options: https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
If you are using older versions of PHP or OPENSSL use following command to update packages.
yum update nss curl openssl
After the updates you should see that cURL is working with TLS greater than 1.0. Simple test code:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, “https://www.howsmyssl.com/a/check”);
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // TLS 1.2
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);$tlsVer = json_decode($response, true);
echo “<h1>Your TSL version is: <u>” . ( $tlsVer[‘tls_version’] ? $tlsVer[‘tls_version’] : ‘no TLS support’ ) . “</u></h1>”;
In case the workaround doesn’t work, please try to update your Operating System to the newer version.
Ruby uses the system openssl. OpenSSL v0.9.8 will no longer work, but later versions work without any changes required.
In-case you still need any support with the upgrade, Get in touch with our support team at sms.support@experttexting.com