Follow

TLS 1.2 Requirement

Beginning on June 1st, 2018, in accordance with PCI security guidelines, PayJunction requires the use of TLS 1.2 while establishing connections to our API.

Therefore, developers that are using platforms that do not support TLS 1.2 or higher will not be able to establish connections with the PayJunction API.

Recognizing Errors Related to TLS

Connection errors that are related to TLS will vary depending on the platform and library you are using. In general, the error message will reference SSL/TLS explicitly, or make reference to a "handshake" error or an "error when establishing secure communication."

Below are specific examples for common platforms:

PHP + cURL

When using PHP and the cURL library for connecting to the PayJunction REST API, cURL will return an error with code 35 and a message similar to the following:

error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol

To capture this error you must make sure to capture it in your code using the builtin functions curl_errno and curl_error:

$content = curl_exec($ch);
$contentType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
$curl_errno = curl_errno($ch);
$curl_error = curl_error($ch);

.Net (ASP.Net, C#.Net, VB.Net, etc.)

The following text is included in the error message when .Net is unable to negotiate the secure connection:

The request was aborted: Could not create SSL/TLS secure channel.

Fixing Connection Errors Related to TLS

Generally speaking, the HTTP library or software platform should auto-negotiate the most secure protocol supported by both the server and the client. Consult the documentation for your HTTP library or platform for the correct way to enable TLS 1.2 if it is not supported by default.

Below are specific examples for commonly used platforms:

PHP + cURL

The best way to fix this error is to make sure cURL is on the latest version and then remove any lines specifying the version of TLS to use. This will cause the connection to be negotiated with the server and will not require future code updates when TLS 1.2 is itself retired. 

If that option is not available, or you must specify a version for other reasons, the following will tell cURL to explicitly negotiate to TLS 1.2:

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);

.Net (ASP.Net, C#.Net, VB.Net, etc.)

Unless you are using .Net version 4.6 or above, you must specify in your code that you want to default to TLS 1.2 before you attempt to make the connection:

.Net 4.5

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

.Net 4.0

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

Need more assistance?

PayJunction Technical Support can be reached by: