All new merchant integrations with Adyen must use TLS 1.2.
The PCI Security Standards Council (PCI SSC) no longer accepts early TLS (TLS 1.0) as a secure communication protocol for transmitting payment card data, and due to this we will be deprecating use of older version of TLS in various parts of the platform as described below:
- Merchants using HPP and Hosted CSE should expect that Adyen payments will no longer operate for shoppers using browsers that only support early TLS on or before February 19th 2018.
- Merchants using CSE will need to have working TLS 1.2 in place before February 19th 2018.
- Merchants using API integrations will need to support TLS 1.2 before February 19th 2018.
- Notifications will use TLS 1.2 from February 19, 2018.
- Adyen Customer Area user browsers will need to support TLS 1.2 before 19 February 2018, and is it advised to begin upgrades now or move to “evergreen” browsers.
Note: Integrations such as Java 7 or .NET 4.0 don’t support TLS 1.2 using default configurations. Integrations using Java 6 and below, .NET 3.5 and below, Python 2.7.8 and below, Ruby 1.9.3 and below, OpenSSL 1.0.0 and below will all be difficult or impossible to configure to use TLS 1.2, and significant migration effort may be required by the merchant. Additionally, shoppers using old browsers (IE8 and IE9 as well as Android versions 4.4 and below) that only support early TLS in combination with Hosted Payment Pages (HPP) and Client Side Encryption (CSE) may be impacted, so our advice is to encourage upgrades.
TLS 1.0 must not be used after June 30th 2018.