Skip to main content

Merchant Help

 

Affirm Merchant Help

TLS v1 and v1.1 to be deprecated

 

Summary

Notice type

Feature deprecation

Products affected

Affirm API

Action required

Yes

Change effective date

2018-06-01

What’s being deprecated?

PCI Security Standards is deprecating TLS version 1.0 and 1.1 compatible ciphers - the new minimum TLS version is 1.2

How will this affect my Affirm integration?

After the new TLS 1.2 minimum is enforced, any requests that are attempted with TLS 1.0 or 1.1 ciphers will be rejected. As a result, the following Affirm API calls may fail:

  • Authorization
  • Void
  • Capture
  • Refund
  • Update

Since Authorization and Capture charge actions are required to process Affirm transactions, customers will not be able to complete their order with the Affirm payment method if the Authorization and/or Capture calls fail.

What’s required of me?

To update your server's request library or security settings so that only TLS1.2 compatible ciphers are used to establish HTTPS/SSL connections.

PCI Security Standards, blog entry: https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls


PCI Security Standards, migration best practices: https://www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf

 

Current List of Supported Ciphers as of 7/2/2018

  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA384
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES256-GCM-SHA384
  • AES256-SHA256
AWS: Supported Protocols and Ciphers
AWS: Predefined SSL Security Policies