API TLS upgrade

If you have an API integration to Reepay, this information might be important to you.

To keep your API integration with Reepay secure, we plan to phase out support for old technologies: SHA-1, TLS 1.0, and TLS 1.1. (Together with TLS 1.2, these are the technologies behind the 'Secure' in 'HTTPS'.)

Why

SHA-1 is one of the algorithms you can use to authenticate who you’re talking to. It’s now considered dangerously weak, and might allow an adversary to spoof their identity. This is why all modern browsers have stopped accepting SHA-1 certificates.

TLS 1.0 and 1.1 are meant to keep your communications private. To do this, they generate a series of random bytes used to encrypt your connection. TLS 1.0 provides two ways of encrypting the connection (CBC and RC4), but several vulnerabilities have been discovered in both of them (including BEAST and the RC4 biases). If you keep using old versions of TLS, someone could theoretically sniff your connection.

As a result, the internet is moving towards SHA-2 and TLS 1.2. These technologies have few known attacks and were subject to more rigorous security design than their predecessors.

What this means to you

The upgrade process will be seamless for most users. Most frameworks and operating systems support TLS 1.2 out of the box without any changes required, but older clients, e.g. Java 6, might be affected. To test whether your client supports TLS 1.2, make a test HTTPS GET request to the following URL:

https://sandbox.reepay.com/api/helloworld

If your client supports TLS 1.2, you will receive a text response with the content Hello world. Otherwise, the client will raise an error.

If your client does not support TLS 1.2, you will need to make the necessary upgrades to your environment.
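
One way to script the check described above in Python 3.7 or later. This is an added example, not Reepay's own code. The function names are hypothetical, and pinning the client to TLS 1.2 only (so that success proves TLS 1.2 specifically) is a choice made here, as is tolerating surrounding whitespace in the response body.

```python
import ssl
import sys
import urllib.request

# URL and expected body as given on this page.
TEST_URL = "https://sandbox.reepay.com/api/helloworld"
EXPECTED_BODY = "Hello world"


def runtime_supports_tls12() -> bool:
    """True if this Python's TLS library was built with TLS 1.2 support."""
    return bool(getattr(ssl, "HAS_TLSv1_2", False))


def tls12_only_context() -> ssl.SSLContext:
    """Client context pinned to TLS 1.2, certificate checks left enabled."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def body_is_expected(body: str) -> bool:
    """Success criterion from the page: a text response 'Hello world'."""
    return body.strip() == EXPECTED_BODY


def check_endpoint(url: str = TEST_URL, timeout: float = 10.0) -> bool:
    """GET the test URL over TLS 1.2 only; False on any TLS or network error."""
    if not runtime_supports_tls12():
        return False
    try:
        with urllib.request.urlopen(url, timeout=timeout,
                                    context=tls12_only_context()) as resp:
            return body_is_expected(resp.read().decode("utf-8", "replace"))
    except (ssl.SSLError, OSError) as exc:  # URLError subclasses OSError
        print(f"TLS 1.2 check failed: {exc}", file=sys.stderr)
        return False


if __name__ == "__main__":
    ok = check_endpoint()
    print("TLS 1.2 supported" if ok else "TLS 1.2 not confirmed")
    sys.exit(0 if ok else 1)
```

Run it from the same host and runtime as your integration, since TLS support depends on the TLS library that runtime is linked against.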

Don't hesitate to contact us at support@reepay.com if you have any questions.

Timeline

Reepay will only support TLS 1.2 by the 7th of May 2020.