TLS 1.0 and 1.1 Support Retirement on July 1, 2020

What is happening? And, when?

To ensure Corrigo maintains PCI compliance, we will deprecate TLS protocol versions 1.0 and 1.1 on July 1st 2020. Both TLS 1.0 and TLS 1.1 are insufficient for protecting information due to known vulnerabilities. Most of the modern browsers already support only newer protocol versions and this change will not affect users who use them.

What is TLS?

TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification.

What do you need to do?

Please upgrade your application to TLS 1.2 before July 1st, 2020. If you are currently using TLS 1.0 or TLS 1.1 to access the CorrigoPro Direct API or your CorrigoPro Direct WebHook doesn't support TLS 1.2 or higher, you will need to upgrade to TLS 1.2 before July 1st , 2020.
If you have any questions, please reach out [email protected].

How can I validate that my integration is compliant?

There are many tools and sites that can assist with validation for your requests and webhook endpoints. Below are a few suggestions:

Validating requests

You can generate a request that targets a URL that will report your TLS version.

One such site is https://www.howsmyssl.com. This site will provide you with an analysis in the response and does not require any type of JavaScript processing for the result.

You will want to see a response that includes the following:

              <p><span class="label okay">Good</span> Your client is using
                TLS 1.2, the most modern version of the encryption
                protocol. It gives you access to the fastest, most secure
                encryption possible on the web.</p>

Validating compliance of your Webhook Endpoint**

There are several sites that will provide you an analysis of support by submitting your URL. One such site is https://www.cdn77.com/tls-test.

You could also validate which TLS versions that you accept with your webhook endpoint by using the command-line tool curl. Using curl, you can use command-line options to select a specific TLS version as in the following example:

curl --tlsv1.2 https://yourserver.com/