TLS protocol update

  • Resolved heronhebling

    (@heronhebling)


    2 years, 8 months ago

    Hi!
    I use a payment gateway in woocommerce and they will update the TLS protocols. I received the following message:
    ————

    On September 6, 2022, an update will be made to the TLS protocol that will make access to some ciphers unavailable. That’s why you need to check if you use any of these ciphers and, if so, replace it with one of the accepted ciphers.

    We have recently detected that some of these ciphers are no longer meeting the necessary security standard to ensure your business is secure and reliable. Therefore, these figures will be exchanged.
    See below the figures that will be discontinued:

    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
    TLS_RSA_WITH_AES_256_CBC_SHA (0x35
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
    TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
    TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
    TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
    OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14)
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
    OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)

    If you use one of these ciphers, it is necessary to switch to one of the ciphers that are within our security standards and will be maintained:
    TLSv1.2:
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    It is important that you share this release with your technical team or the e-commerce platform you use to ensure that everything is in order on your system.
    We reinforce that after 06/09, there may be unavailability in your integration with Pagar.me if you still use one of the discontinued figures and, therefore, we recommend that the exchange is made as soon as possible.

    ———-
    How can I check if woocommerce meets new updates?

    Thanks!!

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

  • Hi @heronhebling! Thanks for reaching out to us!

    To clarify it a bit more! TLS (and also SSL) certs are set up, usually, by your host.

    SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, and many other things!

    You may need to reach out to your hosting company or your certificate issuer to double-check everything, but as a quick view, you can click on the lock, just before your site address at your browser to access your site’s certs.

    You can view that your site is using:

    Connection Encrypted (TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.3)

    Pagar.me and your hosting company may be the best option to double-check this, and issue another cert if needed. AFAIK, since you’re using the TLS v 1.3 you’re good to go! ??

    Let us know if we can help you with anything else!

    My very best,

Viewing 1 replies (of 1 total)
  • The topic ‘TLS protocol update’ is closed to new replies.