On January 12, 2016, Chargify will no longer support TLS 1.0 or TLS 1.1 over HTTPS on the chargify.com domain. Any older browsers or API clients that do not support TLS 1.2 will no longer work after this date. This change is mandated by the PCI Security Council and affects all merchants and service providers processing or transmitting credit card data.
If you use webhooks, your non-test endpoints will also be required to support HTTPS and TLS 1.2 in order to receive webhooks from us after January 12, 2016. Any endpoints that do not support a TLS 1.2 connection will be disabled.
Why are we making this change?
The PCI Security Council sets the rules on which technologies are acceptable for use in transmitting cardholder data. They have explicitly identified TLS 1.0 as no longer being a strong form of encryption because it is vulnerable to many known attacks.
This is not an action Chargify is taking alone. EVERY website that transmits or processes credit card data will be making this change. If you or your customers are using an insecure or unsupported browser or API client, you will find that all secure websites will stop working very soon.
How do I know if I’m affected?
Most browsers have supported TLS 1.2 for at least the last few years, so end users are unlikely to be affected by this change. The biggest impact is likely to be felt by API users with very old libraries.
A comprehensive list of client support is available here: https://www.ssllabs.com/ssltest/clients.html
How to Test:
- Point your browser, API client, or code to https://tlscheck.chargify.com
- You should expect to see “ConnectionOK” (with a 200 response code)
- If you see that, then you have successfully connected and are all set
- If your client throws an SSL, TLS, Connection, or Negotiation error, then you will need to upgrade your language or library in order to remain compatible
API Library Support
If you have code that connects with the Chargify API, you must ensure that it will continue to work after January 12, 2016. Each language and library is different, but we’ve identified the popular ones that may be of concern.
These languages will need significant changes/upgrades in order to work:
- Java 6u45 / 7u45
- .NET before 4.5 (does not support TLS 1.2)
- .NET 4.5 (must have a setting changed to explicitly enable TLS 1.2)
- OpenSSL 0.9.8
Most dynamic languages such as Ruby, PHP, & Python rely on the underlying operating system’s OpenSSL version. You can check it by running:
openssl version
Version 1.0.1 is the minimum required.
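The two checks described above (the OpenSSL version floor and the test connection to tlscheck.chargify.com) can be scripted together. This is an added example, not Chargify's own code; the function names are hypothetical, and the client context also accepts TLS 1.3, which goes slightly beyond the TLS 1.2 case on this page.

```python
import re
import socket
import ssl

MIN_OPENSSL = (1, 0, 1)  # minimum OpenSSL version stated on this page


def parse_openssl_version(banner):
    """Return (major, minor, patch) from `openssl version` output, or None."""
    m = re.match(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def meets_minimum(banner):
    """True/False for OpenSSL banners. None when the banner is not OpenSSL
    (for example LibreSSL, which uses a separate version scheme)."""
    version = parse_openssl_version(banner)
    return None if version is None else version >= MIN_OPENSSL


def tls12_only_context():
    """Client context that verifies certificates and refuses TLS 1.0/1.1."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe(host, port=443, timeout=10):
    """Handshake with host and return the negotiated protocol name,
    e.g. 'TLSv1.2'. Raises ssl.SSLError or OSError on failure."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with tls12_only_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    # The OpenSSL build this Python runtime is linked against.
    print(ssl.OPENSSL_VERSION, "-> meets minimum:", meets_minimum(ssl.OPENSSL_VERSION))
    try:
        print("negotiated:", probe("tlscheck.chargify.com"))
    except (ssl.SSLError, OSError) as exc:
        print("handshake failed; upgrade needed or endpoint unreachable:", exc)
```

The version check reports on the OpenSSL build linked into the Python runtime, which can differ from the `openssl` binary on the PATH, so it is worth comparing both.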
We would be happy to help you ensure compatibility in any way we can. However, please keep in mind that we are not experts in every language or framework and so we aren’t able to test or fix your code for you.
Most browsers have supported TLS 1.2 for several years.
The following browsers DO NOT support TLS 1.2 and will no longer work.
- Google Chrome 29
- Firefox 26
- Internet Explorer 10
- Safari 8
- iOS 4
- Android 4
If you use Chargify solely through Shopify, you do not need to take any action. We have already ensured everything will continue to work.
Further Reading & Resources:
Language Specific Instructions
Complete instructions for various programming languages are available on our docs site at: https://help.chargify.com/announcements/tls-upgrade-notice.html#language-specific-instructions