Important Changes to the eWAY Infrastructure 

Important Changes to SSL Infrastructure


​eWAY will be making a number of changes to our web infrastructure to improve security and performance in the coming months. This will include changes to the SSL infrastructure to remove risk to integrated clients still connecting over insecure SSL protocols.

​By August 2017, ​eWAY will no longer support TLSv1.0 or TLS1.1. This is in line with PCI DSS 3.2 standard changes. This will also mean a number of cipher suites related to 1.0 and 1.1 will no longer be supported.

Please ensure your developer or technical resource enables your servers to support the use of TLS 1.2 for any connections to eWAY.
For more information you can read:
TLS Integration Guide for Developers/Partners

Please contact us if you have any concerns, or if you require additional details. See below for latest updates.


TIMELINE

COMPLETED July 25, 2017:  MYeWAY will only accept TLS 1.2 connections.
Coming Late September 2017:  eWAY APIs will only accept TLS 1.2 connections

LATEST UPDATES


23rd July 201​7: 
Salesforce have now disabled TLS 1.0. This impacts MYeWAY login page, Community pages, Online sign-up (Pricing Page) and the Partner Portal.

13th February 201​7 1:30pm: 
eWAY Sandbox changes for Rapid APIs are now live. No changes are available for Legacy eWAY APIs at this stage, further updates will be made closer to the date. ​Examples of legacy endpoints to be updated at a later date can be viewed below:

     Managed Credit Card Payment Test
     Upload Test
     Manage Rebill Test

The eWAY SDKs will also be updated to automatically connect via TLS1.2  as long as your server supports TLS 1.2.


What you need to do:

Make sure your browser is up-to-date


​To make sure you are protected by the latest security updates when using eWAY, ​you will need to upgrade your browser to the below version or higher. Customers visiting your website may also need to update their browsers if your website uses an eWAY hosted solution, to capture the card details.

Minimum browser requirements for eWAY and other secure services:
– Chrome 30
– Internet Explorer 11
– IE 10 is acceptable, provided TLS v1.2 is manually enabled
– Firefox 27
– Safari 7

Already upgraded but still having problems? Please get in touch with us

MAKE SURE YOUR eCOMMERCE PLATFORM IS UP-TO-DATE


If you have a developer or hosting partner which manages your platform, ask them if they are connecting to eWAY using TLS 1.2.