The PCI SSC has extended the migration completion date to June 30th, 2018 for transitioning to a secure version of TLS.
Please click one of the tabs below to get help with your specific implementation.
PHP-SDK cURL TLS 1.2 handshake failed.
If you have any questions, please contact Specialty Products Team at 866.802.9753. PHP allows complex web applications to be built rapidly. Most of the internet uses this open-source development environment for its speed from concept to deploy. Unfortunately updates are not usually automatic. PCI 3.1 introduces a requirement for the web server to support TLS 1.2 to our portico gateway. In an effort to begin dealing with this challenge prior to the hard final date in 2018 this change was applied already in our SDK.
Changes made to the SDK:
HpsSoapGatewayService | Line #327
Old Gateway: posgateway.cert.secureexchange.net
New Gateway: cert.api2.heartlandportico.com
HpsSoapGatewayService | Line #331
Old gateway: posgateway.secureexchange.net
No error log.
This scenario applies if you suspect TLS or connectivity. Often problems follow an update to a plugin. The merchant pulls in the latest greatest version of the plugin and the change defined above is applied. They may not have access to the server logs. It may be necessary to have the merchant contact the hosting provider and or developer. Error logs are critical to getting a full picture.
For cURL to be able to connect to our PCI 3.1 compliant servers:
cURL needs to be a loaded module and it must be at least version 7.34.0 or higher. PHP Snip: curl_version()['version']
A valid SSL library loaded on the server see this reference. PHP Snip: curl_version()['ssl_version']
PHP 5.5.19 or greater
IP address of server within US or the server IP address exception. Specialty products can service this request. Secure Submit Cert Secure.
SecureSubmitCert@e-hps.com | 866.802.9753
If an independent method of validation of the error or the fix they can upload this file and test. and provide the URL to us if further examination of the results is needed.
Incorrect settings or outdated .NET version.
The .NET 4.5 (or greater) runtime must be installed for TLSv1.2 to be enabled.
The TLS version can be set via ServicePointManager.SecurityProtocol
Incorrect settings or outdated JAVA version.
The TLS version can be set via SSLContext.
The latest Java (currently 8) is preferred. In Java 8, TLSv1.2 is used by default when a TLS version is not specified.
|6 and Earlier||No support. A runtime update is required. (Except possibly for IBM Java. See note below.)|
|7||Available. TLSv1.2 must be explicitly enabled. Use the Heartland JAVA SDK.|
|8||Default. TLSv1.2 is enabled by default. No code change is required, though it is always recommended to make sure you're using the latest Heartland JAVA SDK .|
To check Java, first verify that Java runtime 7 or higher is installed by running java -version from command line. If you have Java 6 or below, please upgrade it first.