Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

TLS 1.2 Compliancy Master-Thread

Status
Not open for further replies.

HTSChris

Vendor
Mar 26, 2016
56
US
Before I start a duplicate; is there one, elsewhere...already?

If not...I have questions; as I'm sure we all must have.
 
Really? Are we the only ones struggling with this??

We have 2 tests: howsmyssl and ssllabs. We've been getting some "splits", but putting more weight...on the ssllabs test.

2_-_Copy_t0kxcw.jpg


However...we still have some MICROS sites, with Host connectivity issues; rolling blackouts, etc.

Our understanding...from Microsoft themselves...was to run this update, and Reg patch.

But; we're still having mixed results.

What are YOU guys doing?? [upsidedown]
 
You're having issues with TLS 1.2 with Micros? As far as I'm aware there is no requirement that EVERYTHING on the system is TLS 1.2, just anything processing payments, and being on Windows 7 and the updated transaction vault driver is all you need.
 
Well, Moregelen; as I'm sure you're aware...TLS is a Windows thing, not a MICROS thing.

If by saying, your understanding is that "everything is on the system"; if you mean, newer systems staged by MICROS...then probably yes. Also...not everyone, by a long shot; uses a TVC driver. There's Heartland, TSYS, et al.

An independent like us; we have many configurations in the field. But...Win (7), is Win; and this is about patching it, so that you're off (way off)...SSL, TLS 1.0, 1.1, and onto 1.2
 
I cannot speak for Micros but I can tell you that the software you're running and the OS both need to be able to use TLS 1.2. The credit card software should be trying to use the highest level of security that the PC will allow and the website on the other side will as well.
 
I'm well aware that the TLS protocol and version supported has to do with the operating system, but it isn't purely an issue of operating system. Windows 7 shouldn't have any issues at all with TLS 1.2, especially if you haven't killed windows update at some point in the past - which you shouldn't have if you're trying to stay PCI compliant.

The issue you are having is likely due to the driver, not the OS. The OS does not control the protocol used by the software, it only controls the protocols available to the software. We just finished patching 894 locations with updated credit cards drivers that use TLS 1.2 - the only locations where the OS was the issue were windows XP locations, of which we killed off the last of maybe a year ago at this point. Just because your OS supports TLS 1.2 and your browser is using TLS 1.2 (which is what your screenshot appears to be testing) doesn't mean the credit card software is using TLS 1.2. Try updating it.

A lot of software is setup the let the OS pick the newest version of TLS and handle it from there, but not all software; most of the micros credit card drivers out there, from what I've seen, don't automatically choose the newest TLS version.

Edit: Key line from the microsoft post you linked -

This can allow certain applications that were built to use the WinHTTP default flag to be able to leverage the newer TLS 1.2 or TLS 1.1 protocols natively without any need for updates to the application.

Also:

This update will not change the behavior of applications that are manually setting the secure protocols instead of pass the default flag.
 
Hi everyone,
Oracle published Document ID 2311832.1 on 6/21 regarding POS Product versions and what credit card interface drivers are required for TLS v1.2 support. For my concepts, we are already running 5x and we updated our direct drivers last year so we won't be affected by this. I attached the document from MOS.
 
 https://files.engineering.com/getfile.aspx?folder=da313463-1635-44dd-a755-c287ca765014&file=Document_2311832.1.pdf
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top