TLS Updates

Newtek is firmly committed to providing the highest level of security for our merchants, developers and partners. In 2015 the PCI Security Standards Council mandated that merchants discontinue the use of Transport Layer Security (TLS) 1.0 by June 2018. The TLS 1.0 encryption standard no longer meets minimum security requirements due to vulnerabilities in the protocol that cannot be fixed. It is critically important that all entities upgrade to TLS 1.2+ and disable any fallback to TLS 1.0 as soon as possible.

Important Dates

Newtek will begin phasing out TLS 1.0 and 1.1 over the next few months. The date each environment will be phased out is listed below:

| Environment | URL | Date |
|---|---|---|
| Sandbox | sandbox.newtekgateway.com | February 1, 2018 |
| Primary URL | secure.newtekgateway.com | June 29, 2018 at 10 AM PST |

We encourage merchants and developers to migrate any outdated software as soon as possible.

Testing Your Update

The easiest way to test that you are no longer using an insecure encryption protocol is to test against our sandbox environment after the insecure protocol has been deprecated on 2/1/2018.

Click here for more information on requesting a sandbox account.

Learn More

For frequently asked questions and more information on why the change is being made, click here.

Workarounds

Below we have outlined some environments we have determined may be affected by this change, as well as some workarounds for each.

.NET Framework

.NET Framework 3.5 and below does not support TLS 1.2.

For .NET Framework 3.5.1, Microsoft Support has an update and instructions: https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework

.NET Framework 4.5 supports TLS 1.2 but does not use it by default. The following needs to be added before connecting:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

Found here: https://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/

.NET Framework 4.6+ should support TLS 1.2 by default.
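One way to confirm the setting above from a .NET Framework 4.5+ client, using the sandbox test described under Testing Your Update. This is an added example, not Newtek's code; the class and method names are hypothetical, and the expected TLS 1.0 refusal assumes the sandbox cutoff has already taken effect.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

// Added example (not Newtek code). Class and method names are hypothetical.
static class TlsMigrationCheck
{
    const string Host = "sandbox.newtekgateway.com"; // sandbox host from this page

    // Performs a handshake offering only `offered`; returns the negotiated
    // protocol, or SslProtocols.None if the handshake is refused.
    static SslProtocols Negotiate(SslProtocols offered)
    {
        try
        {
            using (var tcp = new TcpClient(Host, 443))
            using (var ssl = new SslStream(tcp.GetStream()))
            {
                ssl.AuthenticateAsClient(Host, null, offered, true);
                return ssl.SslProtocol;
            }
        }
        catch (AuthenticationException) { return SslProtocols.None; }
        catch (IOException) { return SslProtocols.None; } // server closed the connection
    }

    // True if the HTTP stack (HttpWebRequest/WebClient) completes a TLS 1.2-only handshake.
    static bool HttpStackUsesTls12()
    {
        // Process-wide setting; applies to connections opened after it is set.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        try { using (WebRequest.Create("https://" + Host + "/").GetResponse()) return true; }
        // An HTTP error status still means the TLS handshake itself succeeded.
        catch (WebException e) { return e.Status == WebExceptionStatus.ProtocolError; }
    }

    static int Main()
    {
        bool tls12 = Negotiate(SslProtocols.Tls12) == SslProtocols.Tls12;
        bool tls10Refused = Negotiate(SslProtocols.Tls) == SslProtocols.None; // Tls = TLS 1.0
        bool http = HttpStackUsesTls12();
        Console.WriteLine("TLS 1.2 ok: {0}; TLS 1.0 refused: {1}; HTTP stack on TLS 1.2: {2}", tls12, tls10Refused, http);
        return tls12 && tls10Refused && http ? 0 : 1;
    }
}
```

A non-zero exit code means either the client cannot complete a TLS 1.2 handshake or the endpoint still accepted a TLS 1.0-only offer.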

DotNet DLL

If you are using the DotNet DLL, you will not need to recompile your software; just update the .NET Framework as noted in the section above. Then drop in the replacement DLL file listed below according to the current version you are using.

| If you are using version... | Update to version: |
|---|---|
| Versions 1.** or 2.** | DotNet DLL 2.0 |
| Version 3.0 and above | DotNet DLL 4.0 |

DotNet DLL Scanner Tool

The scanner tool listed below should locate your current DLL version, update it to be TLS 1.2 compatible and update your .NET Framework as well. Simply download and run the tool.

DotNet DLL Update Tool

.NET Payment Engine SDK

If you are using the .NET Payment Engine SDK, you can use the instructions above to update your .NET Framework, or download the latest version of the .NET Payment Engine SDK here.

EpayCharge

If you are using the Mac or Linux versions of EpayCharge, no updates are necessary.

If you are using the Windows version of EpayCharge, you will need to download the newest Windows version of EpayCharge which can be found here.

For more information on installing and setting up the new EpayCharge version 3.3, click here.

Please Note: USB swipers must be encrypted to be compatible with the new EpayCharge version.

If you already have version 3.1 installed, EpayCharge will update your current version to the newest version and save your previous history.

If you already have version 3.3 installed, and you run this installer, you will be prompted to either remove the existing version or repair the existing version.

If no previous version is detected, the program will be installed normally as a new program with no history.

Browser

If you process transactions on the merchant console through your browser, you will need to verify that the browser you are using to process payments is TLS 1.2 compatible. To test your current browser compatibility you can use this third-party browser testing service from Qualys' SSL Labs: https://www.ssllabs.com/ssltest/viewMyClient.html

Please note that this test and some others may not run successfully depending on your exact system and network configuration and should only be used as a guide.

These browsers do support the latest encryption standards:

You can also use the guide below to check to see if your current browser is compatible.

| Browser | Version | TLS 1.2 Compatibility Notes |
|---|---|---|
| Microsoft Edge | Desktop and mobile versions | Compatible by default |
| Microsoft Internet Explorer (IE) | Desktop and mobile IE version 11 | Compatible by default. |
| Microsoft Internet Explorer (IE) | Desktop IE versions 9 and 10 | Capable when run in Windows 7 or newer, but not by default. Click here for instructions on enabling TLS 1.2 in settings. Windows Vista and older operating systems, such as Windows XP, are not compatible with TLS 1.2 encryption. |
| Microsoft Internet Explorer (IE) | Desktop IE versions 8 and below | Not compatible or stable with TLS 1.2 encryption. |
| Mozilla Firefox | Firefox 27 and higher | Compatible by default |
| Mozilla Firefox | Firefox 23 to 26 | Capable, but not by default. Click here for instructions on enabling TLS 1.2 in settings or download the latest version listed above. |
| Mozilla Firefox | Firefox 22 and below | Not compatible with TLS 1.2 or higher encryption. |
| Google Chrome | Google Chrome 38 and higher | Compatible by default |
| Google Chrome | Google Chrome 22 to 37 | Capable when run in Windows XP SP3, Vista, or newer (desktop), OS X 10.6 (Snow Leopard) or newer (desktop), or Android 2.3 (Gingerbread) or newer (mobile). Click here for instructions on enabling TLS 1.2 in settings or download the latest version listed above. |
| Google Chrome | Google Chrome 21 and below | Not compatible with TLS 1.2 encryption. |
| Google Android OS Browser | Android 6.0 (Marshmallow) and higher | Compatible by default |
| Google Android OS Browser | Android 5.0 (Lollipop) and higher | Compatible by default |
| Google Android OS Browser | Android 4.4 (KitKat) to 4.4.4 | Capable, but not by default. |
| Google Android OS Browser | Android 4.3 (Jelly Bean) and below | Not compatible with TLS 1.2 encryption. |
| Apple Safari | Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher | Compatible by default |
| Apple Safari | Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below | Not compatible with TLS 1.2 encryption. |
| Apple Safari | Mobile Safari versions 5 and higher for iOS 5 and higher | Compatible by default |
| Apple Safari | Mobile Safari for iOS 4 and below | Not compatible with TLS 1.2 encryption. |

Mobile App

If you process through the mobile app, make sure that the operating system version is compatible with TLS 1.2 (compatibility information listed below) and that the mobile app is the most recent version listed in the app store.

| Operating system | Version | TLS 1.2 Compatibility Notes |
|---|---|---|
| Android | Android 5.0 (Lollipop) and higher | Compatible by default. If your Android version is lower than 5.0 you will need to update your Android version to process using the mobile app. |
| iOS | iOS 9 and higher | Compatible by default. If your iOS version is lower than 9.0 you will need to update your device to process using the mobile app. |