Important Changes to the eWAY Infrastructure 


Important Changes to SSL Infrastructure


​eWAY will be making a number of changes to our web infrastructure to improve security and performance in the coming months. This will include changes to the SSL infrastructure to remove risk to integrated clients still connecting over insecure SSL protocols.

​By August 2017, ​eWAY will no longer support TLSv1.0 or TLS1.1. This is in line with PCI DSS 3.2 standard changes. This will also mean a number of cipher suites related to 1.0 and 1.1 will no longer be supported.

Please ensure your developer or technical resource enables your servers to support the use of TLS 1.2 for any connections to eWAY.

Please contact us if you have any concerns, or if you require additional details. See below for latest updates.


TIMELINE

Coming Early July 2017:  MYeWAY will only accept TLS 1.2 connections.
Coming August 2017:  eWAY APIs will only accept TLS 1.2 connections

LATEST UPDATES

20th February 2017:  eWAY Sandbox & MYeWAY Sandbox only accept TLS 1.2 connections. We are still working on a solution for Legacy eWAY APIs.

13th February 2017 1:54pm: 
eWAY Sandbox & MYeWAY Sandbox changes for Rapid APIs have been REVERTED – an update on when changes will be live will be updated here.

13th February 201​7 1:30pm: 
eWAY Sandbox changes for Rapid APIs are now live. No changes are available for Legacy eWAY APIs at this stage, further updates will be made closer to the date. ​Examples of legacy endpoints to be updated at a later date can be viewed below:

     Managed Credit Card Payment Test
     Upload Test
     Manage Rebill Test

The eWAY SDKs will also be updated to automatically connect via TLS1.2  as long as your server supports TLS 1.2.

8th February 201​7:
​All changes made in the eWAY Sandbox environment on Monday 13th February will only be available for Rapid APIs. An update to the Legacy eWAY API will be made at a later date, merchants will be notified of this update closer to completion. 

6th February 201​7: All changes will be implemented in the eWAY Sandbox environment to allow for testing on Monday 13th February 2017. These changes will mean that TLS1.0 and TLS1.1 will no longer be available on the Sandbox. Please ensure you have TLS1.2 enabled. For more information, you can view the knowledge article here



What you need to do:

Make sure your browser is up-to-date


​To make sure you are protected by the latest security updates when using eWAY, ​you will need to upgrade your browser to the below version or higher. 

Minimum browser requirements for eWAY and other secure services:
– Chrome 30
– Internet Explorer 11
– IE 10 is acceptable, provided TLS v1.2 is manually enabled
– Firefox 27
– Safari 7

Already upgraded but still having problems? Please get in touch with us

MAKE SURE YOUR eCOMMERCE PLATFORM IS UP-TO-DATE


If you have a developer or hosting partner which manages your platform, ask them if they are connecting to eWAY using TLS 1.2.