What version of TLS does Authorize.net support?

Authorize.net supports the following TLS protocols:

• TLS 1.2 - Supported
• TLS 1.3 - Supported but only for Portals. API support will be added in the future.

How can I find out what protocols and ciphers Authorize.net supports?

ECDHE GCM ciphers are preferred. For a full list/report, you can run an SSL Labs report to see and verify the supported TLS versions and ciphers. Please see below for a list by API endpoint and environment and link to the report.

Transact

Production

• secure authorize.net
• secure2 authorize.net

Sandbox

• test authorize.net

ANET API

Production

• api authorize.net
• api2 authorize.net

Sandbox

• apitest authorize.net

What are the current best practices for setting up a new server-to-server connection that relies on TLS?

Only TLS 1.2 should be used as earlier versions are no longer supported. With the TLS 1.2 protocol, any modern cipher suites may be used to initiate the secure handshake, but there are some preferred configurations:

• ECDHE GCM ciphers are preferred.
• Perfect Forward Secrecy (PFS) cipher suites are preferred but not required.
• Keyed hash functions must be used with either SHA-2 or SHA-3. SHA-1-based functions are not allowed.
• Authenticated encryption modes (e.g. AES GCM, ChaCha20-Poly 1305) must be preferred first over other AES modes (e.g. AES-CBC).

What actions do I need to take?

This will depend on how you are currently processing transactions with Authorize.net:

• Processing using API or SDK - If you are currently taking payments/transactions through a website, shopping cart, or other software, you will need to check with your developer or host/solution provider to confirm your website is connecting through TLS 1.2 and supported ciphers. For SDK users, please ensure that you have pulled and are using the most recent update for any SDK via Github and that TLS 1.2 is enabled and being used. You may see what your website/shopping cart or server supports using such sites as: How's My SSL or SSL Labs.
• Processing visa Simple Checkout or Invoicing - If you currently use our Simple Checkout (HTML generated buy now buttons) or Invoicing service (generate email invoices for payment), there are no changes needed. As these products rely on the customer's web browser, as long as the customers are using up-to-date browsers they will not encounter any errors related to TLS of Cipher support.
• Processing via the Merchant or Partner Interface - If you are currently logging into Merchant Interface or Partner Interface you should ensure you have upgraded your browser to a version that supports TLS 1.2. You may also test your current browser using sites such as: SSL Labs or How's My SSL. To see what browsers support TLS 1.2, please find a list here provided by SSL Labs: SSL Labs Clients. See Supported Browsers, for what browsers and version Authorize.net supports.