As of 7 August 2017of 31 May 2018, PayU will only support the below listed cipher and protocol combinations.
The PCI Security Standards Council has mandated that all instances of SSL and early TLS must be upgraded to a secure version of TLS. More info here.
These changes are required due to the rise of compromised cipher suites and protocols online and in the industry. In an continued effort to supply our clients with a safe and secure service, only the below listed ciphers will be supported.
In addition, Perfect Forward Secrecy will also be implemented. (please see Q&A section at the bottom of this page for more detail.)
Please note that support for TLS 1.0 will be deprecated on 30 June 2018.
It is highly recommended to test communication / integration against PayU's staging environment before 7 August 2017 in 31 May 2018 in order to assure uninterrupted service.
Staging API : https://staging.payu.co.za/service/PayUAPI
Please refer this communication to your technical / development teams as soon as possible in order to test your compatibility.
It is the merchants responsibility to ensure that these changes are catered for. Failure to do so may result in an inability to communicate with PayU’s platform.
Please note that PayU cannot directly assist in determining whether your system will support these changes or not.
Staging API : https://staging.payu.co.za/service/PayUAPI
Protocol TLS 1.0 (To be deprecated 30 June 2018)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)
TLS_RSA_WITH_SEED_CBC_SHA (0x96)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)
Protocol TLS 1.1
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)
TLS_RSA_WITH_SEED_CBC_SHA (0x96)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)
Protocol TLS 1.2
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)
TLS_RSA_WITH_SEED_CBC_SHA (0x96)Supported protocols:
TLS 1.2
Supported cipher suites:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)
Q&A:
What is a Cipher Suite?
A cipher suite is basically a complete set of methods (technically known as algorithms) needed to secure a network connection through SSL (Secure Sockets Layer) / TLS (Transport Layer Security).
...