Problems with TLS 1.2 and IPP320 code

IPP320 and TLS . Ever since the upgrade to TLS 1.2 on January 31 I have been unable to get my IPP320 to work correctly. I am currently using C# with .NET 4.5.1. I have set the service to TLS 1.2 by adding code to the Moneris demo program (Ektrin) without any success.

Is there a working demo program from Moneris that works in .NET 4.0 or higher with the new TLS.

I am still using the old NST.DLL could that be the issue?

  • Using .NET 4.5+, you can edit the registry to enable TLS 1.2: technet.microsoft.com/.../2960358.aspx
  • Is this problem solve? I got the same issue.
  • In reply to Alexeander:

    Hello, please implement the following fixes and attempt to re-compile the code as recommended on Feb 9 above.
    - Upgrade the .NET framework to 4.6.1 as that uses TLS 1.2 by default. This can be done through the web.config:
    <system.web>
    <httpRuntime targetFramework="4.6.1"/>
    </system.web>

    - Alternatively, before forming the http request, add security protocol type as follows:
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

    - Using .NET 4.5+, one can also edit the registry based on suggested action in Microsoft’s article below:
    technet.microsoft.com/.../2960358.aspx
    - Add SSL Certificates on the computers that need to connect to Moneris (Desktop and Servers). i.e. download them via the browser
    - For the Card Present, dll change is not needed, but the program needs to be recompiled in .NET 4.5+.

    Does the above help?
  • In reply to ND_Moneris:

    Thanks, it helps. By the way, in may case, it turns out the final solution works the way below:
    1. Do the first step as you suggested ( use .Net Framework 4.6 or the alternative way to enable TLS1.2 support)
    2. Adding the PINpad to the user's moneris' account. (for the testing purpose, use the test account with store_id=store_ppi and apk_token:ppiguy)
  • In reply to Alexeander:

    Thank you for sharing it with us. Much appreciated.
  • What prevents the provided DLL's, such as eSELECTplus_dotNet_API-US.dll, from being updated to include the line of code that enforces use of TLS 1.2:
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

    Wouldn't that save everyone who uses DLL's from having to make changes to their individual programs?
  • In reply to VincePerta:

    This presumes that you are running at that level of .NET. We are at 4.0

    I used the November 30th, 2016 DLL and put in
    ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072

    and we were fine
  • In reply to VincePerta:

    Thank you for asking the question. eSELECTplus_dotNet_API-US.dll, is card not present DLL, the topic above is regarding the Nst.dll for card present solutions.

    Further, the eSELECTplus_dotNet_API-US.dll, is compiled under .Net Framework 2.0.

    By ensuring the eSELECTplus_dotNet_API-US.dll, is complied under .Net Framework 2.0, our integrators/merchants that operate in frameworks that don't natively or don't support TLS 1.2 at all, can still use our updated DLL-features in the future DLL releases and ensure they are can still connect to the gateway by coding only a wrapper or a relays to handle the connections. In short, it allows backwards compatibility at feature level.
  • In reply to ScobolGuy:

    Thanks, that's looks like a good workaround for those using 4.0. If I end up having to code a wrapper using that version, I might need it.
  • In reply to ND_Moneris:

    Sorry, I see a number of threads here on the forums relating to the TLS version change, that seem independent of any single .DLL.

    I've been searching for details on the TLS change and the recommended solutions. Due to a problem with our company's account profile, we did not receive any email communications regarding the change, and all I've been able to get from our relationship manager at Moneris is a document specific to Canada, dated January X, 2017.

    If that information is not available, can you at least confirm that Moneris will not be releasing updated .DLL's, nor wrappers/relays, that handle TLS >1.0.
  • In reply to VincePerta:

    Hello, we are not going to be able to confirm that we are not releasing nay updated DLLs. The DLLs may be updated in the future with additional functionalities.

    Regarding the notification, as a Moneris merchant on the Moneris Gateway, it is a good idea to add your e-mail to the Notification Email section located under Admin menu item once you login.

    Steps:
    1) Login to Merchant Resource Centre (USA version or Canadian version)
    2) Click Admin menu
    3) Click Notification Email
    4) Enter notification e-mail in correct e-mail format
    5) Save the changes
    6) Logout of proceed to other pages as needed.

    If you are an independent developer or a development firm contracted my a Moneris merchant, please ensure our mutual client adds your e-mail under the notifications section in the Merchant Resource Centre (also commonly referred to as the VT).

    Thank you.