
Vantiv ending support of legacy encryption methods, SSLv3, TLS 1.0, and Weak Encryption Cipher Suites June 2018

 

Providing efficient and secure methods of processing payment transactions to our clients is a top priority for Vantiv. As part of these efforts Vantiv will be discontinuing support of legacy encryption methods, such as Secure Socket Layer version 3 (SSLv3) and early versions of Transport Layer Security (TLS 1.0).

The PCI Security Standards Council has declared that SSLv3 and early versions of TLS no longer meet minimum security standards, due to security vulnerabilities for which there are no fixes. SSLv3 and early versions of TLS are network protocols that are used to encrypt and protect Internet communications. SSLv3 has been widely used for over 20 years; however, more than 10 years ago it was superseded by TLSv1, which has since been superseded by TLSv1.1 and v1.2.

Vantiv will end its support of these two network protocols by June 30, 2018. When Vantiv ends its support of SSLv3 and early TLS, customers that continue to use these protocols will no longer be able to connect to Vantiv using Internet-based services or eCommerce-type applications. In addition, Vantiv will stop supporting weak encryption cipher suites, such as Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES or TDEA).

Merchants and Partners should begin preparations to disable legacy SSLv3 and TLSv1.0 protocols and to enable support of TLSv1.2 for communication with Vantiv platforms prior to the June 2018 date.

While Vantiv will continue support of TLSv1.1, we strongly recommend TLSv1.2 as a long-term solution.

For encryption, Vantiv will only support cipher suites based on Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) and RSA key exchange, Advanced Encryption Standard (AES), and Secure Hash Algorithms (SHA). A list of supported ciphers in order of preference is below:

Cipher ID    Cipher Name
c030         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
c02f         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
c028         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
c014         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
c027         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
c013         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
009d         TLS_RSA_WITH_AES_256_GCM_SHA384
009c         TLS_RSA_WITH_AES_128_GCM_SHA256
003d         TLS_RSA_WITH_AES_256_CBC_SHA256
003c         TLS_RSA_WITH_AES_128_CBC_SHA256
0035         TLS_RSA_WITH_AES_256_CBC_SHA
002f         TLS_RSA_WITH_AES_128_CBC_SHA


To minimize any disruption to processing, Vantiv recommends that partners and merchants using an ISV solution test TLS-only connectivity to our test host (https://testssl.protectedtransactions.com/auth) to verify that they can support TLSv1.1 or greater.
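
One way to run that connectivity check from a Python client, as an added example that is not Vantiv's code: it offers only the suites listed above over TLSv1.2 and reports what was negotiated. The function names and the OpenSSL-style cipher names are assumptions of this example; the context is capped at TLSv1.2 because TLS 1.3 suites use different names and are not covered by the list.

```python
import socket
import ssl

# Suites from the notice, in its preference order: (cipher ID, IANA name, OpenSSL name).
# The OpenSSL names (an assumption of this example) are what SSLSocket.cipher() reports.
SUPPORTED = [
    ("c030", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("c02f", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("c028", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "ECDHE-RSA-AES256-SHA384"),
    ("c014", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE-RSA-AES256-SHA"),
    ("c027", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "ECDHE-RSA-AES128-SHA256"),
    ("c013", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES128-SHA"),
    ("009d", "TLS_RSA_WITH_AES_256_GCM_SHA384", "AES256-GCM-SHA384"),
    ("009c", "TLS_RSA_WITH_AES_128_GCM_SHA256", "AES128-GCM-SHA256"),
    ("003d", "TLS_RSA_WITH_AES_256_CBC_SHA256", "AES256-SHA256"),
    ("003c", "TLS_RSA_WITH_AES_128_CBC_SHA256", "AES128-SHA256"),
    ("0035", "TLS_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA"),
    ("002f", "TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA"),
]
OPENSSL_NAMES = [row[2] for row in SUPPORTED]
ACCEPTED_PROTOCOLS = ("TLSv1.1", "TLSv1.2")  # TLSv1.2 is the recommended one

def client_context():
    """Client context that offers only the listed suites over TLSv1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(OPENSSL_NAMES))
    return ctx

def assess(protocol, cipher):
    """Return a list of problems for a negotiated (protocol, cipher); empty means OK."""
    problems = []
    if protocol not in ACCEPTED_PROTOCOLS:
        problems.append(f"protocol {protocol} is not TLSv1.1 or TLSv1.2")
    if cipher not in OPENSSL_NAMES:
        problems.append(f"cipher {cipher} is not in the supported list")
    return problems

def probe(host, port=443, timeout=10):
    """Handshake with host and return (protocol, cipher, problems)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with client_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0], assess(tls.version(), tls.cipher()[0])

if __name__ == "__main__":
    print(probe("testssl.protectedtransactions.com"))  # test host named in the notice
```

A handshake failure raised by `probe` means the client and server share no protocol and suite from the set above; `assess` can also be applied to protocol and cipher values taken from existing connection logs.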

For merchants using a stand-alone terminal solution, you will receive information directly if your terminal requires a software download in order to connect via TLS 1.1 or above. Stay tuned for additional details and to understand if your terminal is impacted.

Vantiv is committed to maintaining a high level of security for our customers and aligning with industry standards and best practices for information security.

Thank you for helping to keep your processing secure. If you have any questions, please contact your Relationship Manager.

 
