
What version of TLS does Authorize.net support?

  • TLS 1.2: Supported
  • TLS 1.3: Supported (only for Portals; API support will be added in the future)

How to Verify Which Cipher is Being Used By Authorize.net?

Run an SSL Labs Report:

  • Visit SSL Labs and run a report on the specific API endpoint or environment you are using. This will provide a detailed list of supported TLS versions and ciphers.

Use Command-Line Tools:

  • OpenSSL: openssl s_client -connect secure.authorize.net:443 -tls1_2
  • Nmap: nmap --script ssl-enum-ciphers -p 443 secure.authorize.net

Browser Developer Tools:

  • Open your browser's developer tools (usually by pressing F12 or right-clicking and selecting Inspect).
  • Navigate to the Security or Network tab to view detailed information about the TLS connection and cipher used.

API Endpoints and Environments

  • Transact - Name Value Pair API
    • Production: secure.authorize.net, secure2.authorize.net
    • Sandbox: test.authorize.net
  • Authorize.net API
    • Production: api.authorize.net, api2.authorize.net
    • Sandbox: apitest.authorize.net

How to verify which cipher my site or solution/software is using?

Reach out to your developer or solution/software provider to confirm the current configuration of your site or application and for details on the ciphers and protocols that are enabled on your site or server/host.

Suggested actions with your developer or solution provider:

  • Work with your provider to run tests using tools like OpenSSL, Nmap, or online services to verify the actual ciphers in use.
    • Review server configuration.
    • Use Command-Line Tools to check TLS and Cipher support:
      • OpenSSL: openssl s_client -connect yourdomain.com:443 -tls1_2
      • Nmap: nmap --script ssl-enum-ciphers -p 443 yourdomain.com
    • Use Online Tools to check TLS and Cipher support:
      • Visit SSL Labs and run a test on your domain to get a detailed report on supported ciphers and protocols.

Best Practices for TLS Connections

  • Use TLS 1.2 or TLS 1.3: Earlier versions are not supported.
  • Preferred Configurations:
    • ECDHE GCM ciphers
    • PFS (Perfect Forward Secrecy) cipher suites (preferred but not required)
    • Keyed hash functions with SHA-2 or SHA-3 (SHA-1 is not allowed)
    • Authenticated encryption modes (e.g., AES GCM, ChaCha20-Poly1305)
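
The OpenSSL check above can be graded against this list automatically. The script below is an added example, not Authorize.net code: it reads `openssl s_client` output, extracts the negotiated protocol and cipher, and reports FAIL for what the list disallows and WARN for what it only prefers. The function names and the sample transcript are constructed for illustration, and the suffix matching assumes OpenSSL's cipher naming.

```shell
# Added example (not Authorize.net code): grade an `openssl s_client` transcript
# against the "Best Practices for TLS Connections" list on this page.

# Print "<protocol> <cipher>" from the SSL-Session block read on stdin.
negotiated() {
    awk -F': *' '
        /^ *Protocol *:/ { proto = $2 }
        /^ *Cipher *:/   { cipher = $2 }
        # s_client reports cipher 0000 when no suite was negotiated
        END { if (proto == "" || cipher == "" || cipher == "0000") exit 1; print proto, cipher }
    '
}

# Print one finding per line; return 1 if something the page disallows is found.
grade() {
    proto=$1; cipher=$2; rc=0
    case $proto in
        TLSv1.2|TLSv1.3) echo "OK   protocol $proto" ;;
        *) echo "FAIL protocol $proto: earlier than TLS 1.2"; rc=1 ;;
    esac
    case $cipher in   # OpenSSL names SHA-1 MAC suites with a bare SHA suffix
        *-SHA|*_SHA) echo "FAIL $cipher: SHA-1 is not allowed"; rc=1 ;;
    esac
    case $cipher in   # TLS 1.3 names (TLS_*) omit the key exchange, which is (EC)DHE
        ECDHE-*|DHE-*|TLS_*) echo "OK   forward secrecy" ;;
        *) echo "WARN $cipher: no forward secrecy (preferred, not required)" ;;
    esac
    case $cipher in
        *GCM*|*CHACHA20*|*CCM*) echo "OK   authenticated encryption" ;;
        *) echo "WARN $cipher: not an authenticated encryption mode" ;;
    esac
    return $rc
}

# Read a transcript on stdin and grade it.
check() {
    pair=$(negotiated) || { echo "FAIL no completed handshake in input"; return 1; }
    grade "${pair% *}" "${pair#* }"
}

# Constructed sample of the lines s_client prints (not captured from a real host).
sample_transcript() {
    printf '%s\n' 'New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384' \
        'SSL-Session:' '    Protocol  : TLSv1.2' \
        '    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
}

# Live use against the sandbox host listed on this page:
#   openssl s_client -connect apitest.authorize.net:443 -tls1_2 </dev/null 2>/dev/null | check
```

This reports only the single suite negotiated for that connection; the Nmap `ssl-enum-ciphers` script or an SSL Labs report is still needed to list every suite a server accepts.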

Actions Required Based on Processing Method

  • Using API or SDK Integration
    • Check with Developer/Host: Confirm TLS 1.2 is used and supported ciphers are configured.
    • Update SDK: Ensure the latest SDK update is pulled from GitHub.
    • Verify Configuration: Use tools like How's My SSL or SSL Labs Test.
  • Using Hosted Payment Form Solutions (Simple Checkout or Invoicing)
    • No Changes Needed: Ensure customers use up-to-date browsers.
  • Using the Merchant or Partner Interface