Updated: PCI Compliance & TLS 1.0 Retirement

In 2015, the PCI Council mandated support for TLS 1.0 encryption be discontinued to help keep credit card data secure during information transfer at checkout.

In support of this mandate, Moneris has advised merchants to update their preferred browsers to the latest version. Please see some of the recommended browsers below:

Internet Explorer 11
Google Chrome 30 or higher
Mozilla Firefox 27 or higher
Safari 8 or higher

Effective March 29, 2018 Moneris US test environment (esplusqa.moneris.com) was updated to remove TLS 1.0. Vantiv will retirement TLS 1.0 on June 27^th, 2018.

For Moneris Integrators, please see below for a few tips on how to enable TLS 1.2:

ASP .NET/C#

The easiest thing would be to upgrade the .NET framework to 4.6.1 as that uses TLS 1.2 by default. This can be done through the web.config:

<system.web>
    <httpRuntime targetFramework="4.6.1"/>
</system.web>

Alternatively, before forming the http request, add security protocol type as follows:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Using .NET 4.5+, one can also edit the registry based on suggested action in Microsoft’s article below:
https://technet.microsoft.com/en-us/library/security/2960358.aspx#ID0EAGAE
Add SSL Certificates on the computers that need to connect to Moneris (Desktop and Servers).
For card-present, no new dll is required, but the program needs to be recompiled in .NET 4.5+.

If you are using .NET/COM interoperability add the following step

Generate new TLB using .NET 4.5 or 4.6 on the machine and re-register the TLB

Java

Upgrade to Java 8 as this version uses 1.2 by default.
If this is not an option, update to Java 6 – 121 (minimum).

The new jdk.tls.client.protocols System Property may be used to control the protocols for TLS connection.
One may launch their application with this property (e.g. java -Djdk.tls.client.protocols="TLSv1.2" will enable only TLSv1.2 on client SSLSockets).

PHP

Update CURL to use TLS 1.2 by setting CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_2 (6) - http://php.net/manual/en/function.curl-setopt.php

COM

Update WinHTTP: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1.1-and-tls-1.2-as-a-default-secure-protocols-in-winhttp-in-windows
Upgrade to Windows 8.1+ as TLS 1.2 is enabled by default.
For Windows 7 and 8, this can be set manually via the registry. Refer this article on how to enable this protocols via registry: https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#Anchor_0

Comment

JoeBoxer

Hello.

For those wanting to migrate their .NET 2.0 framework to use TLS 1.2 you need to install hotfixes on your server:

Windows Vista and Windows Server 2008

support.microsoft.com/.../support-for-tls-system-default-versions-included-in-the-.net-framework

Windows 7 and Windows Server 2008 R2

support.microsoft.com/.../support-for-tls-system-default-versions-included-in-the-.net-framework

Windows Server 2012

support.microsoft.com/.../support-for-tls-system-default-versions-included-in-the-.net-framework

Windows 8.1 and Windows Server 2012 R2

support.microsoft.com/.../support-for-tls-system-default-versions-included-in-the-.net-framework

Once the hotfix is installed you can either make registry changes on the server as indicated OR make code changes in your app to reference TLS 1.2 directly.

C# ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

VB ServicePointManager.SecurityProtocol = DirectCast(3072,System.Net.SecurityProtocolType)