Transport Layer Security (TLS) 1.2

Handy step-by-step instructions

Contact us to create your merchant account and start accepting and making payments in minutes

Get started

The PCI Security Standards Council is requiring all payment processors and merchants to move to TLS1.2 by June 30, 2018.

Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It's used to authenticate one or both systems, and protect the confidentiality and integrity of information that passes between systems. TLS 1.0 is an updated version of the Secure Sockets Layer (SSL) protocol, and TLS 1.1 and 1.2 have built on top of that with increasingly enhanced security.

We recommend you upgrade by following our handy step-by-step instructions below before our cut-off date for the TLS1.2 requirement of May 31, 2018.


FAQs

If you are communicating with MYOB (Paycorp) via an HTTPS connection to one of the following URLs on one of the following domains, then this section is for you.

Domains URLs

Paycorp (PYC)
- merchants.paycorp.com.au
- new-merchants.paycorp.com.au
- vault.paycorp.com.au
- merchants1.paycorp.com.au
- secure.globalpoint.com.au

- /paycentre/*
- /paycentre2/*
- /paycentre3/*
- /paycorp-webservice/InterfaceServlet
- /rest/*
- /vault/VaultWebProxy
- /webinterface/*
Paycorp (PYC)
- webservices.paycorp.com.au
- new-webservices.paycorp.com.au
- /wsi/services/*
- /vault/services/*
- /vault/VaultWebProxy
- /fraud-controller/registration/update/*
Bank of New Zealand (BNZ)
- buylineplus.co.nz
- /hosted/*
- /rest/*

More recent versions of Java 7 (as of 1.7.0_131) and 8 support TLSv1.2 by default, so you should upgrade your Java version and that will upgrade the SSL protocol of your HTTPS connections to TLSv1.2.

In recent version of Java the support for 256-bit cryptography has been disabled by default. You will need to download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files here:

Replace the local_policy.jar and US_export_policy.jar jars files in your lib/security in JRE directory.

If you are unable to upgrade Java and you are running on earlier versions of Java 7, you should be able to enable TLSv1.2 by adding following flags to your Java command line arguments:

  • Dhttps.protocols=TLSv1.2
  • Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256

In order to trace SSL requests, please add following flag to your Java command line arguments: -Djavax.net.debug=ssl

Please refer to the relevant technology stack documentation on upgrading to TLSv1.2

To summarise .NET:

  • NET 4.6 and above. You don’t need to do any additional work to support TLS 1.2, it’s supported by default.
  • .NET 4.5. TLS 1.2 is supported, but it’s not a default protocol. You need to opt-in to use it. The following code will make TLS 1.2 default, make sure to execute it before making a connection to secured resource:
    • ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
  • .NET 4.0. TLS 1.2 is not supported, but if you have .NET 4.5 (or above) installed on the system then you still can opt in for TLS 1.2 even if your application framework doesn’t support it. The only problem is that SecurityProtocolType in .NET 4.0 doesn’t have an entry for TLS1.2, so we’d have to use a numerical representation of this enum value:
    • ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
  • .NET 3.5 or below. TLS 1.2 is not supported (*) and there is no workaround. Upgrade your application to more recent version of the framework.
     

For more information visit: https://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/

If you are communicating with Paycorp via Webpay Client SDK (Java, Microsoft .NET developer platform
(.NET), etc.) or via opening a direct socket connection to one of the following endpoints, then this section is for you.

Paycorp (PYC)
- merchants.paycorp.com.au:3006 - PYC Live
- merchants.paycorp.com.au:3007 - PYC Test
- merchants.paycorp.com.au:4006 - PYC Live (compatibility mode)
- merchants.paycorp.com.au:4007 - PYC Test (compatibility mode)
Bank of New Zealand (BNZ)
- trans.buylineplus.co.nz:3006 = BNZ Live
- trans.buylineplus.co.nz:3007 = BNZ Test
- trans.buylineplus.co.nz:3008 = BNZ Test
- trans.buylineplus.co.nz:4006 = BNZ Live (compatibility mode)
- trans.buylineplus.co.nz:4007 = BNZ Test (compatibility mode)

Please note that compatibility mode endpoints above were there for SSLv3 support only and they will not be supported after restricting SSL protocols to TLSv1.2 only. If you were using one of the compatibility mode endpoints above, please change your configuration to appropriate Live or Test endpoint once you have upgraded to TLSv1.2.

You need to upgrade to Java webpayClient-4.0.5. Should you encounter an error with this version, please use version 4.0.5.2-b instead.

  • Microsoft .NET developer platform (.NET) API – You need to download the latest .NET SDK v3.0.0
  • Webpay OLE control extension (OCX) or Active Template Library (ATL) – You need to migrate to the Microsoft .NET API. Please download the latest .NET SDK v3.0.0
  • PHP/Perl/Python or any other Open SSL based technology. Please ensure that your version of OpenSSL library supports TLSv1.2 (as of OpenSSL v1.0.2). See OpenSSL 1.0.2 Notes for details.

We encourage you to use our pre-prod environment to test your TLSv1.2 upgrade. As of 3rd of April 2018 our pre-prod environment will only support TLSv1.2 SSL protocol.

Please use following domain names for all your REpresentational State Transfer
(REST) calls to our pre-prod environment.

PROD Domains PRE-PROD Domains
Paycorp (PYC)
- merchants.paycorp.com.au
- new-merchants.paycorp.com.au
- vault.paycorp.com.au
- merchants1.paycorp.com.au
- secure.globalpoint.com.au
- test-merchants.paycorp.com.au
Paycorp (PYC)
- webservices.paycorp.com.au
- new-webservices.paycorp.com.au
- test-ws.paycorp.com.au
Bank of New Zealand (BNZ)
- www.buylineplus.co.nz
- trans.buylineplus.co.nz
- preproduction.buylineplus.co.nz

Please use following endpoints for all your WTS Gateway socket connections.

Paycorp (PYC)
- test-merchants.paycorp.com.au:3006 - PYC Live
- test-merchants.paycorp.com.au:3007 - PYC Test
Bank of New Zealand (BNZ)

Production environment:
- trans.buylineplus.co.nz:3007 - BNZ Test
- trans.buylineplus.co.nz:3008 - BNZ Test (old certificate) 

Pre-production environment:
- preproduction.buylineplus.co.nz:3006 = BNZ Live
- preproduction.buylineplus.co.nz:3007 = BNZ Test
- preproduction.buylineplus.co.nz:3008 = BNZ Test (old certificate)

You don’t need to update/change your certificate for TLSv1.2 – your current certificate supports all SSL protocols and is accepted both in PROD and PRE-PROD environments.

If your implementation of the MYOB PayBy (Paycorp) payment page is within an iframe on a browser, the browser determines the TLS version used. All major browsers (Chrome, Firefox, Internet Explorer, Safari and Opera) support TLS v1.2 by default. For more information about TLS browser support click here.

We’ll be adding regular updates to this support page so come back to stay up to date on TLSv1.2.

Last modified date 5th April 2018

Contact us

email

Need further info about MYOB PayBy?

We're here to help. Get in touch and we'll get back to you as soon as we can

Contact us
bubble-chat

Technical support

Our developers can be reached here with any technical questions you have

Contact our tech team