Punya Pertanyaan Seputar Produk dan Layanan Midtrans? Amy Siap Jawab!
Kini Anda bisa mendapat informasi mendasar seputar Midtrans dari Amy, virtual assistant Midtrans. Temukan Amy di website midtrans.com.
We have made a minor adjustment to the Privacy Notice which will go into effect on 30 May 2024. . Click here to review!
See hereThe use of general TLS on online systems still leaves security problems. POODLE, BEAST, CRIME, and Heartbleed are some examples of possible SSL/TLS attacks. In regards to this matter, PCI SSC has required all entities associated with PCI-DSS to disable the use of TLS version 1.0 and earlier at the latest by June 30th, 2018.
As a reliable company, Midtrans is committed to always provide the best services to our partners. Therefore, Midtrans will upgrade our services to disable support for the use of TLS version 1.0 and earlier and will be no longer accepting HTTPS connection using those versions, starting from June 10th, 2018.
Partners are strongly encouraged to upgrade the app connected to Midtrans to TLS version 1.2 (preferable) or TLS version 1.1 (minimum) for all HTTPS connections.
If you use OpenSSL for your TLS connection, you may check the following guide for upgrading OpenSSL package to support TLS v1.1 or TLS v1.2.
First of all, you need to check what your current OpenSSL version is, by running this command on your machine:
$ openssl version OpenSSL 1.0.2n 7 Dec 2017
TLS 1.1 and 1.2 is supported on OpenSSL version v1.0.1 or later. If your OpenSSL version below that version, then you’ll need to upgrade your OpenSSL package.
If you are using Linux as your application server, you need to know which distribution you are using, by run command cat /etc/*-release to find this information.
Following is the sample command on CentOS or RedHat Enterprise Linux :
$ cat /etc/*-release CentOS release 6.5 (Final)
You may upgrade your Linux system to the minimum distribution which supports OpenSSL v1.0.1 or later, before upgrading the OpenSSL package.
$ sudo apt-get update && sudo apt-get install --only-upgrade openssl libssl-dev
. Restart your application once the OpenSSL upgrading process is finished.$ sudo yum update openssl
. Restart your application once the OpenSSL upgrading process is finished.Once upgrading process is done, you should re-check OpenSSL package version by running the following command:
$ openssl version OpenSSL 1.0.2n 7 Dec 2017
You’ll see your OpenSSL package has been upgraded.
You could test and verify your application integration, by accessing our Sandbox environment endpoints. As per June 1, 2018, we are disabling our support for TLS 1.0 on Sandbox environment.
You’ll get an error on the connection while accessing Midtrans services when your system still not support TLS v1.1 or TLS v1.2.
If you are successful in accessing our Sandbox service, then you are already complying with our TLS update. As per June 10th 2018, we are fully not supported TLS v1.0 in our production environment.
Please refer to the following links for information related to this service upgrade:
If you'd like a consultation about TLS, feel free to contact us at mailto:support@midtrans.com.