This communication has been updated as of April 3, 2018
Please note: If you are not responsible for making these updates in your organization, please forward this email to the applicable person or department.
We have made an update to our TLS retirement date. As of Monday, April 30, 2018, we will no longer support the TLSv1.0 & 1.1 protocol. To prevent any potential service disruption, it is imperative you complete Sandbox testing to ensure your processing solution is able to support the TLSv1.2 protocol prior to the retirement date.
Please be advised if you recently completed Sandbox testing between November 19th – November 28th, it will be necessary for you to retest, as our TLSv1.2 support was not implemented during that period. We do apologize for any inconvenience related to this. Additionally, if you process transactions via Batch using our FTP service, the testing window was closed as of February 9, 2018
We have also provided a helpful timeline, FAQ and PCI reference document to assist you with this process. We have posted the document to our support forum, which you can access by clicking here. Any relevant updates made to testing environments, timelines or any additional TLS-related details will be posted there. It is imperative you review these details to determine what will be applicable for your business environment.
Please be advised if you are currently using Transporter or Direct Bill we highly recommend that you use an alternative method to prevent service disruption. You can contact our Integration department at email@example.com for additional information.
TLSv1.0 & 1.1 Retirement Timeline:
TLS Sandbox Testing is Available:
Forte has discontinued support for TLSv1.0 & 1.1 in our Sandbox environment. Testing will be available for all Forte products, Web Services and applicable Integration methods with exception to mobile and FTP (Batch).
January 22, 2018 – February 9, 2018 Batch Testing Available:
We will provide a testing window and FTP location for merchants who utilize our Batch services. It is recommended that TLS updates are made prior to using our test environment to minimize implementation delays. After the designated date we will no longer support a test environment for Batch.
March 7, 2018 Live Production Test Window:
Forte will temporarily disable support of TLSv1.0 & 1.1 for a period of time during business hours so we can gauge the volume of merchants who are attempting to send transactions using the outdated protocols. If you have not made the appropriate updates you may experience service disruption. Action will need to be taken to correct this to ensure service will not be impacted on the final retirement date.
April 30, 2018 Official Retirement Date:
We will permanently retire support for TLSv1.0 & 1.1. Once it is discontinued, we will not be able to turn on support for the deprecated protocols. If action has not been taken to make the appropriate updates, processing capabilities will be interrupted until support for TLSv1.2 is enabled.
TLSv1.0 & 1.1 Retirement FAQ
What is TLS?
Transport Layer Security (TLS) is a technology protocol used to encrypt sensitive information exchanged over the Web.
Why is Forte making this change?
In response to the Payment Card Industry Data Security Standards (PCI DSS) version 3.1, Forte will discontinue support for older TLS versions 1.0 and 1.1. Effective April 30, 2018, Forte will only support TLSv1.2, as it is the most secure TLS protocol. More information about the security requirements can be found here.
Who is impacted by this change?
All merchants and partners that use HTTPS to connect to Forte’s gateway must upgrade their software applications and browsers to support TLSv1.2 by April 3, 2018.
What action do I need to take?
Please note that action required may vary depending on the type of application or processing software you use. Failure to make the applicable updates could cause service disruption.
For Web-browser applications, we recommend upgrading to the following browser versions:
- Internet Explorer 11
- Google Chrome 30 or higher
- Mozilla Firefox 27 or higher
- Safari 8 or higher
If you use a 3rd party software provider or web hosting company, we strongly recommend that you contact them and prompt them to perform any relevant updates necessary to support TLSv1.2.
Important Note: If you are unsure of your processing environment and how this change impacts you, please engage your in-house technology resources such as IT or Network Operations to evaluate your current environment and perform any necessary upgrades.
What browsers will NOT be supported?
Effective April 3, 2018, the following browsers will not be supported:
- Internet Explorer 10
- Google Chrome 29
- Google Android Browser 4.4
- Mozilla Firefox 27
- Safari 8
- iOS 4
How can I check to see what protocol my browser currently supports?
There are several websites that can check your browser’s protocol support, click here to access one that some of our merchants have used.
Do I need to make any changes if I only use Forte products?
Yes. While Forte’s products have been upgraded to support TLSv1.2, you still must ensure that you are using the most secure TLSv1.2 protocol to connect to our processing gateway.
Additional information on actions required for Forte products, solutions and integration methods can be found by clicking here.
Will Forte provide a testing environment?
Yes. Forte merchants, partners, and developers can complete their independent testing to verify if their systems can support TLSv1.2. Please click here to view the testing information by solution chart.
Upon testing your application in Sandbox, you will receive an error message if you are attempting to process using a lower protocol such as TLSv1.0 or TLSv1.1. Our sandbox environment will only support TLSv1.2 after November, 2018.
What Cipher Suites does TLSv1.2 support?
TLSv1.2 currently supports the following cipher suites listed in server-preferred order.
|TLS 1.2 (suites in server-preferred order)|
|TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS||256|
|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS||128|
|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS||256|
|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS||256|
|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS||128|
My solution is managed through a third-party vendor, are they responsible for the update?
If a third-party vendor provides support for your browser-based or native applications, we recommend checking with your vendor to ensure they will support TLSv1.2. Forte is not responsible for making changes specific to third-party software.
Legacy - Retired Solutions
Forte retired on-going support for Transporter and Direct Billing in 2014 & 2015 respectively, however, there may be merchants who continue to use these solutions. We highly recommend discontinuing the use of these products and switching to an alternative solution prior to the TLSv1.0 & 1.1 retirement. We anticipate these solutions will be impacted, and service disruption may occur. These solutions are part of our legacy product line and are no longer supported. Merchants who previously used Transporter can complete a manual upload, or seek an alternative automated solution to complete the upload process. Most Direct Billing customers have transitioned to using the Virtual Terminal or our Dex processing platform. Please contact our Integration Team for more details via email at firstname.lastname@example.org.
Who should I contact if I have additional questions regarding the TLS retirement?
Updating your TLS protocol may require additional technical guidance, so we highly recommend consulting with your network operations or IT department. You can also contact our Technical Support team to receive more details regarding the TLS retirement at email@example.com or if you have an equipment related question you can contact firstname.lastname@example.org.