PayMaya Checkout TLS 1.2 Merchant Upgrade Guide and FAQ
Posted by Diwa del Mundo • Monday February 26, 2018 03:18 AM

Security in payments processing is critical. It is our job at PayMaya to make sure that your customers' transactions are secured and protected from unauthorized access. Recent vulnerabilities in SSL and early TLS, the Internet’s secure communications protocols, pose security risks. Because of these risks, we need to restrict the protocol of our payment gateway’s API platform to TLS 1.2 only.

 

API connections from your website and backend platform will be restricted to only use TLS 1.2 in the production environment by June 2018. You need to upgrade the SSL/TLS libraries in your website and backend environment to comply with the TLS 1.2 requirement.

 

We cannot do this for you, but we can help guide your technical team with the upgrade. Here are the high-level steps:

 

1 - Determine integration type

There are three main ways to connect to our platform in order of technical difficulty:

 

Plugin (WooCommerce)

SDK (PHP SDK, Ruby SDK, Node.JS SDK)

Direct API integration (custom code)

 

For merchants using our WooCommerce plugin, you are enabled already for TLS 1.2. You do not need to do an upgrade.

 

For merchants who integrated using any of our SDKs, most likely you have been enabled already for TLS 1.2, but please proceed to Step 3 - Test integration in the Sandbox environment for verification.

 

The steps to upgrade for direct API integration vary from system to system. For tech stacks that depend on OpenSSL, the approach is to update the OpenSSL library of the operating system and application library (PHP OpenSSL module, Ruby OpenSSL, etc.)

 

2 - Upgrade application environment's SSL/TLS protocols to support TLS 1.2

The steps to upgrade the application’s environment depend on the technical stack you are using.

 

For PHP-based applications:

Check your application environment’s configuration using phpinfo(). You should have tlsv1.2 as part of your “Registered Stream Socket Transports.”

Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2

If you do not have tlsv1.2, please upgrade your application environment, e.g., sudo apt-get update && sudo apt-get install --only-upgrade openssl.

 

3 - Test integration in the Sandbox environment

Once you have upgraded or if you want to verify your integration, you can connect to our sandbox environment. Our sandbox environment is already restricted to accept only connections using TLS 1.2.

 

For merchants using our PHP SDK, initialize the SDK with your sandbox API keys and with the "SANDBOX" parameter:

PayMayaSDK::getInstance()->initCheckout("sandbox-public-facing-API-key", "sandbox-secret-API-key", "SANDBOX");

For direct API integration, change your code to connect to the sandbox API endpoint (https://pg-sandbox.paymaya.com) and use your sandbox API keys.

 

Verify if your application works as expected. If it works as expected, you are ready to upgrade your production environment.
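The Step 2 transport check and a TLS 1.2-only handshake against the sandbox host can be combined in one script. This is an added example, not PayMaya's code or part of the PHP SDK; it assumes PHP 7 or later and outbound access on port 443, and the function names hasTls12Transport and probeTls12 are made up for this illustration.

```php
<?php
// Added example: pre-flight check for the TLS 1.2 requirement in this guide.
// The host is the sandbox endpoint named above; function names are illustrative.
const SANDBOX_HOST = 'pg-sandbox.paymaya.com';

// Step 2 check: is tlsv1.2 among the registered stream socket transports?
function hasTls12Transport(): bool
{
    return in_array('tlsv1.2', stream_get_transports(), true);
}

// Step 3 check: open a connection that offers TLS 1.2 only, with certificate
// and host name verification switched on, and report what was negotiated.
function probeTls12(string $host, int $timeout = 10): array
{
    if (!hasTls12Transport()) {
        return ['ok' => false, 'detail' => 'tlsv1.2 transport not registered'];
    }
    $ctx = stream_context_create(['ssl' => [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $host,
    ]]);
    $fp = @stream_socket_client("tlsv1.2://$host:443", $errno, $errstr,
                                $timeout, STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        // Covers DNS/network errors, certificate failures and protocol mismatch.
        return ['ok' => false, 'detail' => "connect failed: $errstr ($errno)"];
    }
    $crypto = stream_get_meta_data($fp)['crypto'] ?? [];
    fclose($fp);
    $proto  = $crypto['protocol'] ?? 'unknown';
    $cipher = $crypto['cipher_name'] ?? 'unknown';
    return ['ok' => $proto === 'TLSv1.2', 'detail' => "$proto / $cipher"];
}

$openssl = defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT
                                           : 'openssl extension not loaded';
printf("OpenSSL library   : %s\n", $openssl);
printf("tlsv1.2 transport : %s\n", hasTls12Transport() ? 'yes' : 'no');
$result = probeTls12(SANDBOX_HOST);
printf("Sandbox handshake : %s (%s)\n",
       $result['ok'] ? 'OK' : 'FAILED', $result['detail']);
exit($result['ok'] ? 0 : 1);
```

Run it with the same PHP binary and configuration your web application uses, since the CLI and web server builds can link against different OpenSSL versions.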

 

4 - Upgrade your production environment

Apply the application environment upgrade steps, like upgrading your SSL libraries, to your production environment. You also need to make sure that your application uses the production API endpoint (https://pg.paymaya.com) and use your production API keys.

 

For merchants using our PHP SDK, initialize the SDK with your production API keys and with the "PRODUCTION" parameter:

PayMayaSDK::getInstance()->initCheckout("prod-public-facing-API-key", "prod-secret-API-key", "PRODUCTION");

 

If you have done it correctly, your application should work as expected.

 

FAQ

 

Alright, I'm lost, what do I need to do?

You need to work with your developer or technical team to do the upgrade. You need to upgrade your application’s backend environment to use the newer TLS 1.2 protocol when calling the PayMaya Payment Gateway. If you do not upgrade, you won't be able to accept payments by May 24, 2018.

 

Where can I find more information?

https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

 

I am using the PayMaya Checkout WooCommerce plugin, how do I perform the upgrade?

If you’re using our WooCommerce plugin, you are using TLS 1.2 already, so you do not need to perform any more actions.

 

My application is using Ruby / Python / Java. How do I verify and upgrade my application environment?

https://community.developer.visa.com/t5/Developer-Tools/Upgrade-to-TLS-1-2-Let-security-be-part-of-your-development/ba-p/6691

 

What are the deadlines for sandbox and production environments?

April 24, 2018, 11:59:59 PM - Sandbox

May 24, 2018, 11:59:59 PM - Production