+1-888-365-2779
Try Now
More in this section

Forums / Ecommerce / Authorize.net TLS 1.0 Remediation and Akamai SureRoute Implementation Effects on Ecommerce Module?

Authorize.net TLS 1.0 Remediation and Akamai SureRoute Implementation Effects on Ecommerce Module?

9 posts, 0 answered
  1. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    23 Feb
    Link to this post

    Authorize.net has been sending emails to its’ customers announcing TLS Remediation for PCI DSS Compliance along with the introduction of Akamai SureRoute to “help safeguard against interruptions caused by issues beyond our direct control, such as Internet congestion, fiber cable cuts and other similar issues”.

    Do any of these changes impact the Ecommerce module for SF version 8.2 and beyond?  Here's the content of the most recent email I received from Authorize.net:

     

    Authorize.Net Technical Updates
     
     
    Dear Authorize.Net Merchant:
    Over the next few months, we are making several updates to our systems that you need to be aware of. They are all technical in nature and may require the assistance of your web developer or shopping cart/payment solution provider.
     
    Please read this email carefully, and if you need to find a web developer to help you, please check out our Certified Developer Directory at www.authorize.net/cdd.
     
     
    Akamai SureRoute Reminder
    As we get further into 2016, we want to remind you of our previously announced Akamai SureRoute implementation plan and timelines. Using Akamai's technology will help safeguard against interruptions caused by issues beyond our direct control, such as Internet congestion, fiber cable cuts and other similar issues.
     
    If you have not already, please review the announcement and the Akamai FAQs to determine what action you should take for your particular solution. If your solution uses a firewall, please pay particular attention to this section of the FAQs to make sure you avoid any disruptions to your transaction processing.
     
    Transaction and Batch ID Reminder
    In the coming months, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order.
     
    For example, currently, if you receive a Transaction ID of "1000," you could expect that the next Transaction ID would not be less than 1000. However, after the updates, it will be possible to receive a Transaction ID less than the one previously received.
     
    If your system has any functionality that expects Authorize.Net-generated IDs to be sequential, please update it immediately so that you will not see any disruptions.
     
    Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters.
     
    RC4 Cipher Disablement
    In an effort to ensure that all of your server-to-server communications with the Authorize.Net platform (both transactional and otherwise) maintain the highest levels of security, we will be disabling the RC4 cipher suite during the first half of 2016. A follow-up notification will be sent out once specific dates for the disablement are ready for the sandbox and production environments.
     
    For now, if you have a solution that relies on RC4 to communicate with our servers, please update it to a current, high-security cipher as soon as possible. Please review our API best practices blog post for more information.
     
    TLS Remediation for PCI DSS Compliance
    As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by 2018. Though we are still finalizing our plans for remediating TLS 1.0 in both sandbox and production, we will be disabling TLS 1.0 in sandbox and production in early 2017. This is to ensure that we are compliant ahead of the PCI date.
     
    In addition, we are discussing the possibility of disabling TLS 1.1 at the same time, because while it is not expressly forbidden, there are enough concerns surrounding it. TLS 1.2 is currently the strongest available protocol, and we strongly urge all merchants and developer partners to use it for their API integrations.
     
    For more information, including updates to the dates we anticipate disabling TLS in each environment, please refer to our previous blog post.
     
    Sincerely,
    Authorize.Net


  2. Foodsleuth
    Foodsleuth avatar
    46 posts
    Registered:
    21 May 2008
    02 Mar in reply to SteveV
    Link to this post
    I'm not getting the sense that Ecomm is being supported much from Telerik. 
  3. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    09 Mar
    Link to this post

    I agree--Ecommerce doesn't appear to be getting a whole lotta love.  Traffic on all of the forums seems pretty low and I get the sense that Tekerik replies less and less to forum posts.  Oh well, looks like I'll be opening a ticket for this this.

     

    Steve

  4. Foodsleuth
    Foodsleuth avatar
    46 posts
    Registered:
    21 May 2008
    09 Mar in reply to SteveV
    Link to this post

    Perhaps you could update us when/if you get some additional information?  Thanks!

    Barb

  5. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    09 Mar in reply to Foodsleuth
    Link to this post

    Will do.

     

    Steve

  6. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    12 Mar
    Link to this post

    Here's the reply I received:

    Hello Steve,

    Thank you for using our services.

    I have sent this information to our developers, however this will take some time in order to evaluate the impact over the ecommerce module.

    I will keep you informed about any news.

    Thank you in advance for your understanding.

    Regards,
    Svetoslav Manchev
    Telerik

  7. Foodsleuth
    Foodsleuth avatar
    46 posts
    Registered:
    21 May 2008
    12 Mar in reply to SteveV
    Link to this post
    Thanks for the update, Steve.
  8. Svetoslav Manchev
    Svetoslav Manchev avatar
    735 posts
    Registered:
    27 Sep 2016
    14 Mar
    Link to this post
    Hi Steve, Barb,

    Discussing the issue with our developers there should no any impact over the current implementation until the changes are applied in the beginning of 2017 there 

    The necessary amendments are under development and are planed for the upcoming releases. Furthermore this seems to be a common requirement for all payment systems.

    Regards,
    Svetoslav Manchev
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
  9. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    15 Mar in reply to Svetoslav Manchev
    Link to this post

    Thanks for the update.

    Steve

9 posts, 0 answered