Providing efficient and secure methods of processing payment transactions to our clients is a top priority for Vantiv. As part of these efforts, Vantiv will be discontinuing support of legacy encryption methods, such as Secure Socket Layer version 3 (SSLv3) and early versions of Transport Layer Security (TLS 1.0).
The PCI Security Standards Council has declared that SSLv3 and early versions of TLS no longer meet minimum security standards, due to security vulnerabilities for which there are no fixes. SSLv3 and early versions of TLS are network protocols that are used to encrypt and protect Internet communications. SSLv3 has been widely used for more than 20 years; however, more than 10 years ago it was superseded by TLSv1, which has since been superseded by TLSv1.1 and v1.2.
Vantiv will end its support of these two network protocols by June 30, 2018.
When Vantiv ends its support of SSLv3 and early TLS, customers that continue to use these protocols will no longer be able to connect to Vantiv using Internet-based services or eCommerce-type applications. In addition, Vantiv will stop supporting weak encryption cipher suites, such as Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES, or TDEA).
Merchants and Partners should begin preparations to disable legacy SSLv3 and TLSv1.0 protocols and to enable support of TLSv1.2 for communication with Vantiv platforms prior to the June 2018 date.
While Vantiv will continue support of TLSv1.1, it strongly recommends TLSv1.2 as a long-term solution. For encryption, Vantiv will only support cipher suites based on Elliptic Curve Diffie-Hellman (ECDHE) and RSA key exchange, Advanced Encryption Standard (AES), and Secure Hash Algorithms (SHA).
What is Changing?
We will be discontinuing SSLv3, TLS 1,0, and weak ciphers according to the following schedule on the following environments:
- Pre-Live and Post-Live – Jan 15, 2018
- Production – April 9, 2018
To minimize any disruption to processing, Vantiv recommends that our partners and merchants test their TLS-only connectivity as soon as feasible.
The new list of supported protocols (in order of preference):
- TLS 1.2
- TLS 1.1 (not recommended)
The new list of supported ciphers (in order of preference):
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
- TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
- TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
- TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
- TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
- TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
- TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Vantiv eCommerce is committed to maintaining a high level of security for our customers, and aligning with industry standards and best practices for information security.
If you have any questions, please contact your eCommerce relationship or partner manager.