PCI requirement for TLS 1.2 by June 2016

PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. Under that directive, Authorize.net and Orbital have sent messages to many customers that they intend to require TLS 1.2 at a date to be determined.

Theatre Manager conforms with the PCI compliance rule ahead of that date and will connect to TLS 1.1 and/or TLS 1.2 only servers as long as you have either:

PCI DSS requires that web sites not use low or insecure TLS encryption. Our standard NGINX installers accept only TLS 1.2 connections.
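As an added example (not part of the original page or of the Theatre Manager installer), the Python check below audits an nginx configuration against the "TLS 1.2 only" rule above and reports every TLS server block that still accepts an older protocol. The sample configuration and host names are constructed; `include` files and `#` inside quoted values are not handled.

```python
import re

# Unset ssl_protocols falls back to nginx's built-in default, which varies by version.
DEFAULT = "(nginx built-in default)"
# Anything below TLS 1.2 (or an unset directive) breaks the rule stated above.
FLAGGED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", DEFAULT}

# Constructed sample config, not the one shipped by the Theatre Manager installer.
SAMPLE_CONF = """
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    # http-level value, inherited below
    server {
        listen 443 ssl;
        server_name tickets.example.org;
        ssl_protocols TLSv1.2;
    }
    server {
        listen 443 ssl;
        server_name legacy.example.org;
        # ssl_protocols TLSv1.2;   commented out, so the http-level value applies
    }
}
"""

def audit(conf):
    """Map each TLS server block's name to the flagged protocols it accepts."""
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    stack = [dict(kind="main", protocols={DEFAULT}, tls=False, name="(unnamed)")]
    findings, words = {}, []
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":
            # A nested block starts with its parent's effective ssl_protocols.
            stack.append(dict(kind=words[0] if words else "", tls=False,
                              protocols=stack[-1]["protocols"], name="(unnamed)"))
        elif tok == ";":
            block = stack[-1]
            if words[:1] == ["ssl_protocols"]:
                block["protocols"] = set(words[1:])
            elif words[:1] == ["listen"] and "ssl" in words[1:]:
                block["tls"] = True
            elif words[:1] == ["server_name"] and len(words) > 1:
                block["name"] = words[1]
        elif tok == "}":
            block = stack.pop()
            if block["kind"] == "server" and block["tls"]:
                findings[block["name"]] = sorted(block["protocols"] & FLAGGED)
        words = tok.split() if tok not in ("{", "}", ";") else []
    return findings

print(audit(SAMPLE_CONF))
```

An empty list means the server block accepts nothing below TLS 1.2; the second server is flagged because it inherits the http-level setting.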

The Sept 2015 Authorize.net newsletter and the Orbital communique also contained some other items of interest, specifically:

  • Auth.net Transaction ID changes for character length up to 20 and arriving in sequential order. None of these affect Theatre Manager as Theatre Manager already permits 50 character authorizations and all we do is store them for reference.
  • SHA2 certificates on the authorization servers. We have tested Theatre Manager and all current versions of TM will connect to a server that uses SHA2 certificates without any changes.
  • Orbital will accept only TLS 1.2 as of May 31, 2017 - and this works in the latest TM

Side note: commerce web sites are going to require TLS 1.1 or later in the near future, which could affect usage from some browsers, such as older versions of Internet Explorer.