VPCart BluePay Direct Post Gateway Is Compatible With Upcoming TLS Security Upgrade
BluePay 1.0 Post
If you are using BluePay payment gateway with VPCart then, you would have received the notification e-mail about an upcoming BluePay TLS security upgrade :
Subject : PCI SSC Has Mandated a TLS Security Upgrade
Mandated Security Update
Transport Layer Security (TLS) is the encryption technology used to protect communications to and from the BluePay gateway. As vulnerabilities are found in older versions of the technology it becomes necessary to discontinue use of those versions.
To be compliant, BluePay will be removing TLS 1.0 and TLS 1.1 from its servers on May 31, 2018. After the removal all connections to the BluePay gateway will need to use TLS 1.2. It is still recommended to verify and test TLS 1.2 compatibility prior to the removal date to insure that there are no issues.
Customer to server integrations such as hosted payment forms will be dependent on the customer's web browser supporting TLS 1.2. A list of compatible web browsers is below.
Server to server integration will require the application performing the post to BluePay to be TLS 1.2 capable. To aid with testing applications loadtest.stg.bluepay.com has been configured to only allow TLS 1.2 connections. This server is for connection testing only. It does not have access to production accounts and cannot be used to process transactions. TLS 1.2 connectivity can be tested by replacing the post URL with one of the following then attempting a transaction. The transaction response MESSAGE value will be "TLS 1.2 SUCCESS" if there is a successful connection.
BluePay 2.0 Post
BluePay 2.0 XML Post
To remain PCI compliant after June 30, 2018 merchants and partners must also limit connections to their servers to TLS 1.1 or above. It is recommended to use TLS 1.2.
We at VPCart have reviewed our BluePay Direct Post payment gateway module for this TLS security upgrade and we can confirm that this gateway is using HTTP Post method which will not be affected by this update.
Therefore, if you continue to get the notification e-mail from BluePay, you can ignore it.
For older VPCart versions (v7, v650 etc..) that still use older version of BluePay 2.0 gateway, this type of gateway is still using XML to communicate with BluePay and will not pass their upcoming TLS security upgrade. We would suggest you to upgrade to our very latest VPCart version and then only use the BluePay Direct Post gateway that you can download from https://www.vpasp.com/sales/epdownload800.asp.
If you have any questions regarding this, please submit a helpdesk ticket to us at https://helpdesk.vpcart.com.
VPCart Customer Care